
SoylentNews is people

posted by on Thursday April 06 2017, @12:03PM
from the acid-burn-and-crash-override dept.

Back in the 90s, in 1996, when the Internet was barely a few years old, two cyber-espionage groups dominated the cyber-space: Moonlight Maze and the Equation Group.

Their operations shocked the world and made people realize that hackers are also capable of stealing state secrets, not just money from bank accounts. That's when the term cyber-warfare became reality and not just the plot of B-rated Hollywood movies.

While details collected about the Equation Group across the years have allowed researchers to issue theories on its connections with the US National Security Agency, very few details were collected about Moonlight Maze, the first ever APT.

Moonlight Maze, the first ever APT

The group was active in the late 90s and seemed to have disappeared at the turn of the century. Their attacks were studied and studied again and their mode of operation became standard practice for malware and cyber-attackers.

The group and its attacks achieved mythical status in the cyber-security world and were the subject of many books.

Through the years, Moonlight Maze hacked many important US targets such as government agencies and top universities. Victims included the Pentagon, NASA, the US Navy, and the Department of Energy, just to name the bigger ones.

[...] The hunt continues

While 100% attribution is never certain in cyber-espionage campaigns, the clues uncovered on the HRTest server revealed more insight into Moonlight Maze operations than ever before.

Kaspersky researchers are now making a public plea to other sysadmins that still have old servers running or tucked somewhere on their network. If they still have logs going back to those early days of the Internet and they have evidence the server was [compromised], researchers can be reached via email.

The full Kaspersky report can be found here [pdf], IOCs are here [pdf], and YARA rules for discovering Moonlight Maze malware are here.

Source: BleepingComputer



 
  • (Score: 2) by Arik on Friday April 07 2017, @02:07AM

    The web of 1996 was smaller, but it was far more sane.

    The email virus was still only an urban myth, and while we were already three years into September, the majority of the net was still thriving, blissfully unaffected.
    --
    If laughter is the best medicine, who are the best doctors?