North Korea-linked APT Moonstone used Qilin ransomware in limited attacks

Microsoft researchers reported that North Korea-linked APT Moonstone Sleet has been using Qilin ransomware in limited attacks since February 2025. This represents the first time the group has deployed ransomware developed by a RaaS operator, deviating from their previous use of custom ransomware.