Cyber Resilience


Moonstone Sleet (G1036), state

🇰🇵 KP

aka Moonstone Sleet, Storm-1789

Last updated: 2026-07-03

0 attributed CVEs
42 ATT&CK techniques
0.0 IDF score (tooling uniqueness)
0 exclusive CVEs
years active

About this actor

[Moonstone Sleet](https://attack.mitre.org/groups/G1036) is a North Korean-linked threat actor executing both financially motivated attacks and espionage operations. The group previously overlapped significantly with another North Korean-linked entity, [Lazarus Group](https://attack.mitre.org/groups/G0032), but has differentiated its tradecraft since 2023. [Moonstone Sleet](https://attack.mitre.org/groups/G1036) is notable for creating fake companies and personas to interact with victim entities, as well as developing unique malware such as a variant delivered via a fully functioning game. (Citation: Microsoft Moonstone Sleet 2024)

Source: MITRE ATT&CK

Activity timeline

No activity events recorded.

Profile

| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|

No attributed CVEs.

Mitigating controls (NIST 800-53)

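| Control | Techniques covered | Coverage |
|---|---|---|
| SI-4 | 20 / 42 | 48% |
| SI-3 | 19 / 42 | 45% |
| CM-2 | 18 / 42 | 43% |
| CM-6 | 17 / 42 | 40% |
| CA-7 | 16 / 42 | 38% |
| CM-7 | 14 / 42 | 33% |
| AC-4 | 12 / 42 | 29% |
| SC-7 | 10 / 42 | 24% |
| SI-2 | 10 / 42 | 24% |
| AC-3 | 9 / 42 | 21% |
| AC-6 | 9 / 42 | 21% |
| SI-7 | 9 / 42 | 21% |
| AC-2 | 8 / 42 | 19% |
| CM-5 | 7 / 42 | 17% |
| SC-44 | 7 / 42 | 17% |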

Co-occurring actors

None.

Similar actors

Similar TTPs