Moonstone Sleet · G1036 · state
🇰🇵 KP
aka Moonstone Sleet, Storm-1789
Last updated: 2026-07-03
About this actor
[Moonstone Sleet](https://attack.mitre.org/groups/G1036) is a North Korean-linked threat actor executing both financially motivated attacks and espionage operations. The group previously overlapped significantly with another North Korean-linked entity, [Lazarus Group](https://attack.mitre.org/groups/G0032), but has differentiated its tradecraft since 2023. [Moonstone Sleet](https://attack.mitre.org/groups/G1036) is notable for creating fake companies and personas to interact with victim entities, as well as developing unique malware such as a variant delivered via a fully functioning game.(Citation: Microsoft Moonstone Sleet 2024)
Source: MITRE ATT&CK
Activity timeline
No activity events recorded.
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| No attributed CVEs. | | | | | |
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
| SI-4 | 20 / 42 | 48% |
| SI-3 | 19 / 42 | 45% |
| CM-2 | 18 / 42 | 43% |
| CM-6 | 17 / 42 | 40% |
| CA-7 | 16 / 42 | 38% |
| CM-7 | 14 / 42 | 33% |
| AC-4 | 12 / 42 | 29% |
| SC-7 | 10 / 42 | 24% |
| SI-2 | 10 / 42 | 24% |
| AC-3 | 9 / 42 | 21% |
| AC-6 | 9 / 42 | 21% |
| SI-7 | 9 / 42 | 21% |
| AC-2 | 8 / 42 | 19% |
| CM-5 | 7 / 42 | 17% |
| SC-44 | 7 / 42 | 17% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- BITTER 0.28
- EXOTIC LILY 0.28
- Sandworm Team 0.27
- CURIUM 0.27
- Operation Dream Job 0.26
Same nation-state
- Operation Dream Job 1.00
- 3CX Supply Chain Attack 1.00
- Lazarus Group 1.00
- APT37 1.00
- APT38 1.00
Same category
- Night Dragon 1.00
- FunnyDream 1.00
- C0011 1.00
- Operation Wocao 1.00
- Operation Dream Job 1.00