Kaspersky reveals TajMahal, a sophisticated spying framework
The Kaspersky Global Research and Analysis Team published technical details of a sophisticated advanced persistent threat (APT) framework called TajMahal that cannot be attributed to any previously known APT group. Kaspersky claims that this APT has existed for at least five years according to the framework timestamps, and the only detected victim so far is a diplomatic entity from a country in Central Asia.
The spying framework consists of two major parts named ‘Tokyo’ and ‘Yokohama’, and the entire APT toolkit contains up to 80 malicious modules. TajMahal can steal documents that are sent to printer queues; take screenshots and record audio of voice over IP calls; steal files previously seen on removable drives once they are available again. The APT framework also has backdoors, keyloggers, and its own file indexer for the victim’s machine.
Kaspersky believes that there are many more victims to be discovered in future due to the sophisticated design of TajMahal APT.