Attackers prefer to reuse code and tools for as long as they keep working. In that tradition, researchers have found evidence suggesting a cyberespionage group is still successfully using tools and infrastructure that was first deployed in attacks 20 years ago.The Moonlight Maze refers to the wave of attacks that targeted U.S. military and government networks, universities, and research institutions back in the mid-to-late 1990s. While the Moonlight Maze disappeared from the radar after the FBI and Department of Defense investigation became public in 1999, there were whispers within the security community that the cyberespionage group never entirely went away. Turla, a Russian-speaking attack group that’s also known as Venomous Bear, Uroburos, and Snake, was floated as a possibility, but until recently, all links were guesswork and speculation.Now, researchers from Kaspersky Lab and Kings College London believe they have found the technical evidence linking Turla and Moonlight Maze.After analyzing Penguin Turla (the Linux-based backdoor tool used by Turla) and the open source data extraction tool-based backdoor used in the Moonlight Maze attacks, the researchers concluded they were both established on the open source LOKI2 program released in Phrack magazine in 1996. The Moonlight Maze backdoor has not been deployed in modern… Read full this story

Old attack code is new weapon for Russian hackers have 348 words, post on www.csoonline.com at April 4, 2017. This is cached page on IT Breaking News. If you want remove this page, please contact us.