Russian Hackers Have Used the Same Backdoor for Two Decades

April 3, 2017

By: Sikur

About a year ago, the two-decade-old trail of a group of Russian hackers led Thomas Rid to a house in the quiet London suburb of Hartley Wintney. Rid, a cybersecurity-focused political science professor and historian, wrote a long-shot email to David Hedges, a 69-year-old retired IT consultant who lived there. Rid wanted to know if Hedges might somehow still possess a very specific, very old chunk of data: the logs of a computer Hedges had used to run a website for one of his clients in 1998. Back then, Russian spies had commandeered it, and used it to help run one of the earliest mass-scale digital intrusion campaigns in computing history.

A few weeks later, Hedges answered as if he’d almost been expecting the request: the ancient, beige HP 9000 computer that the Russians had hijacked was still sitting under his office desk. Its logs were stored on a magneto-optical drive in his home safe. “I’d always thought this might be interesting one day,” Hedges says. “So I put it in my safe and forgot about it until Thomas rang me.”

Over the months since then, Rid and a team of researchers from King’s College and the security firm Kaspersky have pored over Hedges’ data, which recorded six months of the Russian hackers’ moves as they breached dozens of American government and military agencies—a history-making series of intrusions that’s come to be known as Moonlight Maze. In research they’re presenting at the Kaspersky Security Analyst Summit Monday, they argue that their archaeological hacker excavation reveals more than just a digital museum piece from the dawn of state cyberespionage. The researchers say they’ve found a piece of vintage malicious code in that trove that survives today, as part of the arsenal of a modern-day team of Russian hackers—believed to have Kremlin ties—known as Turla. And they suggest that contemporary hacking team—though mutated and evolved through the years—could be the same one that first appeared in the late 90s, making it one of the longest-lived cyberespionage operations in history.
