Moonlight Maze

Malware updated 4 months ago (2024-05-05T05:17:37.504Z)
Moonlight Maze is a notorious malware that emerged in the 1990s, primarily targeting government, military, and defense sector entities. This malicious software was designed to exploit and damage computer systems, often infiltrating them through suspicious downloads, emails, or websites without the user's knowledge. Once inside, it could steal personal information, disrupt operations, or even hold data hostage for ransom. The primary aim of Moonlight Maze was espionage, characterized by a reliably quiet assault on targets that rarely drew attention to itself. The malware has been associated with Turla, a Russian-speaking advanced persistent threat (APT) group, which has been observed using sophisticated tactics and recycled code from older attacks such as Moonlight Maze. Despite occasional high-profile operations like the Agent.BTZ incident in the early 2000s and the Moonlight Maze activity in the '90s, much of Turla's activity goes unnoticed. In a recent case, Turla was noted to be using command-and-control servers from a decade-old malware, Andromeda, to target and spy on Ukrainian systems. The significance of Moonlight Maze in the history of cyber warfare is recognized at the International Spy Museum in Washington, DC, where joint work on the malware is featured in a permanent exhibit. The complex nature of this malware and its impact on cybersecurity practices continue to be relevant topics of study and discussion in the field. Moonlight Maze serves as a reminder of the continuous threats posed by cyber-espionage activities and the need for robust security measures.
Description last updated: 2024-05-05T04:21:15.183Z
Aliases
We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Agent.btz | Unspecified | 2 | Agent.btz, also known as ComRAT v4, is a remote access trojan (RAT) developed using C++ and employing a virtual FAT16 file system. This malicious software was one of the earliest backdoors used by Pensive Ursa, a cyber-espionage group. Notably, the malware is frequently used to exfiltrate sensitive |
Associated Threat Actors
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Turla | Unspecified | 2 | Turla, a threat actor linked to Russia, is known for its sophisticated cyber-espionage activities. It has been associated with numerous high-profile attacks, employing innovative techniques and malware to infiltrate targets and execute actions with malicious intent. According to MITRE ATT&CK and MIT |
Source Document References
Information about the Moonlight Maze Malware was read from the documents corpus below.
| Source | Created At | Title |
| --- | --- | --- |
| CERT-EU | a year ago | FBI disrupts sophisticated Russian cyberespionage operation |
| DARKReading | a year ago | FBI Disarms Russian FSB 'Snake' Malware Network |
| CERT-EU | 10 months ago | Cyber is the New Cyber – Managing Emergent Risks |