https://www.wired.com/story/tajmahal-swiss-army-spyware-apt/
By Andy Greenberg
Wired.com
April 9, 2019
It's not every day that security researchers discover a new state-sponsored
hacking group. Even rarer is the emergence of one whose spyware has 80 distinct
components, capable of strange and unique cyberespionage tricks—and who's kept
those tricks under wraps for more than five years.
In a talk at the Kaspersky Security Analyst Summit in Singapore Wednesday,
Kaspersky security researcher Alexey Shulmin revealed the security firm's
discovery of a new spyware framework—an adaptable, modular piece of software
with a range of plugins for distinct espionage tasks—that it's calling
TajMahal. The TajMahal framework's 80 modules, Shulmin says, comprise not only
the typical keylogging and screengrabbing features of spyware, but also
never-before-seen and obscure tricks. It can intercept documents in a printer
queue, and keep track of "files of interest," automatically stealing them if a
USB drive is inserted into the infected machine. And that unique spyware
toolkit, Kaspersky says, bears none of the fingerprints of any known
nation-state hacker group.
"Such a large set of modules tells us that this APT is extremely complex,"
Shulmin wrote in an email interview ahead of his talk, using the industry
jargon—short for advanced persistent threat—to refer to sophisticated hackers
who maintain long-term and stealthy access to victim networks. "TajMahal is an
extremely rare, technically advanced and sophisticated framework, which
includes a number of interesting features we have not previously seen in any
other APT activity. Coupled with the fact that this APT has a completely new
code base—there are no code similarities with other known APTs and malware—we
consider TajMahal to be special and intriguing."
[...]