UAT-5394 — which has been suspected to be Kimsuky, its subgroup, or a separate operation leveraging Kimsuky's toolkit — established updated test virtual machines, payload-hosting sites, and command-and-control servers to support the creation of new MoonPeak RAT variants as part of the attack campaign.
Article Link: Novel MoonPeak RAT leveraged by North Korean hackers | SC Media