Malicious Life Podcast: Moonlight Maze
ID: 8bd299a0-da71-553e-b65c-a35127d8c79d
STIX ID: report--8bd299a0-da71-553e-b65c-a35127d8c79d
Feed Name: Cybereason Blog
This report narrates Thomas Rid’s cyber-archaeology investigation, which linked the 1996–1999 Moonlight Maze espionage campaign to the Turla APT by analyzing preserved HR Test server logs and malware samples. It documents large-scale exfiltration (≈5.5 GB) from ~1,600 US targets, and the reuse and evolution of the 1997 LOKI2 ICMP tunneling exploit into later tools (Storm Cloud, Uroburos, Agent.BTZ). It concludes that Turla is a sophisticated, long-lived nation-state espionage actor active into the 21st century.
