APT / THREAT GROUP | 💰 FINANCIAL | HIGH
Luna
2 aliases
Last seen: Mar 17, 2026
Intelligence Profile
ESXi-encrypting ransomware written in Rust.
Threat Analysis
Luna is a high-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primarily financial motivation.
Financially motivated threat actors like Luna prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.
With high sophistication, Luna is capable of targeted intrusions using adapted commodity tools alongside custom implants, maintaining operational security and evading standard detection mechanisms.
Intelligence Reports Mentioning Luna
OpenAI Previews GPT-5.6 Sol With Restricted Access and Stronger Cyber Safeguards
The Hacker News · Jun 27, 2026
Seeking Counsel: Ongoing Targeted Campaign Against US Law Firms
Mandiant Blog · Jun 5, 2026
Silent Ransom Group Uses In-Person IT Impersonation to Breach Systems
Infosecurity Magazine · May 29, 2026
Why Simple Breach Monitoring is No Longer Enough
BleepingComputer · Apr 6, 2026
From a Single Click: How Lunar Spider Enabled a Near Two-Month Intrusion
The DFIR Report · Sep 29, 2025
Quick Facts
Type: APT / Threat Group
Motivation: 💰 financial
Sophistication: high
Aliases: 2
Also Known As
elf.luna, Luna
External Intelligence
Malpedia: elf.luna
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.