A link to the past: a 20-year-old attack that remains relevant

Samples from 1990s cyberattack suggest possible link to modern threat actor

The Moonlight Maze cyberattacks targeted the Pentagon, NASA and more. Newly unearthed evidence shows how a backdoor used to extract victim data in 1998 connects to one used by Turla in 2011 and possibly 2017.

Ancient APT tools can evolve into current threats

Moonlight Maze was active from 1996 to 2003, targeting mainly government and military organizations in the US. Much of the official evidence was classified.

In 2016, Kaspersky and King's College London unearthed a trove of logs and samples belonging to the APT, held on a proxy server in the UK.

The findings show that an open-source backdoor used in 1998 by Moonlight Maze connects to an evolved open-source backdoor used by Turla in 2011, and possibly 2017.

The findings also reveal a lot about the attacks – enough to reconstruct the attack sequence and typology, tools and techniques.

