TajMahal cyber-espionage campaign uses previously unseen malicious tools
At the Kaspersky Security Analyst Summit (SAS) in Singapore, Kaspersky Lab researchers described a sophisticated cyber-espionage campaign uncovered at the end of last year. The campaign, which appears to have no links to known threat actors, uses malware dubbed TajMahal, which the researchers describe as “a technically sophisticated APT framework designed for extensive cyber espionage.”
TajMahal is an advanced backdoor that consists of 80 modules providing different espionage capabilities, allowing the malware to record keystrokes, take screenshots, activate the webcam, steal browser cookies and perform dozens of other typical spyware functions. Some of the modules are unusual, however, such as the ability to retrieve documents that have been sent to the printer and to steal data that a victim has burned to a CD.
While the researchers found that TajMahal has been active since at least 2013, they have so far identified only one victim of the malware, namely “a diplomatic entity from a country in Central Asia” that was targeted in 2014. However, the researchers believe there are likely further victims, because “[t]he technical sophistication [of TajMahal] is beyond doubt and it seems unlikely that such a huge investment would be undertaken for only one victim.”