A North Korean state-sponsored threat actor is suspected of collaborating with the Play ransomware gang in a September cyberattack, Palo Alto Networks Unit 42 reported Wednesday. The group tracked by Unit 42 as Jumpy Pisces, also known as Andariel, Onyx Sleet and Stonefly, made initial access via a compromised account in May 2024 and then deployed open-source and custom tools for lateral movement and persistence.
Source: SC Magazine