Moonlight Maze

Malware updated a month ago (2024-10-15T10:00:55.564Z)

Download STIX

Preview STIX

Moonlight Maze is a notorious malware that was part of an extensive espionage campaign during the 1990s. The malicious software compromised the networks of several key institutions, including the Department of Defense, NASA, and the Department of Energy, along with defense contractors and other parties. This malware was characterized by its stealthy approach to infiltrating systems, rarely drawing attention to itself while focusing on classic targets of espionage such as government, military, and the defense sector. The group behind Moonlight Maze also carried out other significant attacks, such as the Agent.BTZ campaign in the early 2000s. This involved a computer worm that used USB flash drives to infect both classified and unclassified networks at U.S. Central Command. Despite these high-profile operations, most of the group's activities go unnoticed due to their reliably quiet assault on targets. In recent years, the group, known as Turla, has continued its cyber espionage activities. For instance, they were observed using command-and-control servers from a decade-old malware called Andromeda to target and spy on Ukrainian systems. The work on Moonlight Maze has gained recognition and is now featured in the International Spy Museum's permanent exhibit in Washington, DC. Despite occasional exposure of major incidents like the Agent.BTZ incident and Moonlight Maze activity, the breadth of Turla's activities often remains undetected.

Description last updated: 2024-10-15T09:18:30.038Z

What's your take? (Question 1 of 1)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Agent.btz is a possible alias for Moonlight Maze. Agent.btz, also known as ComRAT v4, is a remote access trojan (RAT) developed using C++ and employing a virtual FAT16 file system. This malicious software was one of the earliest backdoors used by Pensive Ursa, a cyber-espionage group. Notably, the malware is frequently used to exfiltrate sensitive	2
Turla is a possible alias for Moonlight Maze. Turla, a threat actor linked to Russia, is known for its sophisticated cyber espionage operations. The group has been associated with numerous high-profile attacks, often utilizing advanced backdoors and fileless malware for infiltration and persistence. Turla's tactics, techniques, and procedures (	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Moonlight Maze Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	2 years ago	US, partners dismantle malware network used in 20-year Russian spy campaign
CERT-EU	2 years ago	FBI disrupts sophisticated Russian cyberespionage operation
DARKReading	2 years ago	FBI Disarms Russian FSB 'Snake' Malware Network
CERT-EU	a year ago	Cyber is the New Cyber – Managing Emergent Risks