Moonlight Maze

Malware Profile Updated 3 months ago
Download STIX
Preview STIX
Moonlight Maze is a notorious malware that emerged in the 1990s, primarily targeting government, military, and defense sector entities. This malicious software was designed to exploit and damage computer systems, often infiltrating them through suspicious downloads, emails, or websites without the user's knowledge. Once inside, it could steal personal information, disrupt operations, or even hold data hostage for ransom. The primary aim of Moonlight Maze was espionage, characterized by a reliably quiet assault on targets that rarely drew attention to itself. The malware has been associated with Turla, a Russian-speaking advanced persistent threat (APT) group, which has been observed using sophisticated tactics and recycled code from older attacks such as Moonlight Maze. Despite occasional high-profile operations like the Agent.BTZ incident in the early 2000s and the Moonlight Maze activity in the '90s, much of Turla's activity goes unnoticed. In a recent case, Turla was noted to be using command-and-control servers from a decade-old malware, Andromeda, to target and spy on Ukrainian systems. The significance of Moonlight Maze in the history of cyber warfare is recognized at the International Spy Museum in Washington, DC, where joint work on the malware is featured in a permanent exhibit. The complex nature of this malware and its impact on cybersecurity practices continue to be relevant topics of study and discussion in the field. Moonlight Maze serves as a reminder of the continuous threats posed by cyber-espionage activities and the need for robust security measures.
What's your take? (Question 1 of 3)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
Agent.btzUnspecified
2
Agent.btz, also known as ComRAT v4, is a remote access trojan (RAT) developed using C++ and employing a virtual FAT16 file system. This malicious software was one of the earliest backdoors used by Pensive Ursa, a cyber-espionage group. Notably, the malware is frequently used to exfiltrate sensitive
ANDROMEDAUnspecified
1
Andromeda is a type of malware, or malicious software, designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or hold data ho
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
TurlaUnspecified
2
Turla, also known as Pensive Ursa, is a sophisticated threat actor linked to Russia that has been active for many years. The group is known for its advanced cyber-espionage capabilities and has been associated with numerous high-profile breaches. According to the MITRE ATT&CK and MITRE Ingenuity dat
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Moonlight Maze Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
a year ago
FBI disrupts sophisticated Russian cyberespionage operation
DARKReading
a year ago
FBI Disarms Russian FSB 'Snake' Malware Network
CERT-EU
9 months ago
Cyber is the New Cyber – Managing Emergent Risks