Decoding a 'New' Elite Cyber Espionage Team
Stealthy and well-heeled hacking group went undetected for five years and wields a massive attack framework of some 80 different modules.
It's an expansive cyber espionage operation that canvasses a victim's network with backdoors, loaders, keyloggers, screen and webcam grabbers, and audio recorders, and it even siphons data from printer queues, burned CDs, and Apple iOS smartphone backups.
The so-called TajMahal attack framework operated invisibly for five years until it was uncloaked last fall by researchers at Kaspersky Lab who found it embedded deep in the network of a diplomatic organization in Central Asia, where it had been spying and stealing documents since 2014. TajMahal comes with a whopping 80 different attack modules, including an unusual and rare one that lets the attacker steal specific files from a USB stick when the device is inserted into a computer.
Given the breadth of TajMahal's attack arsenal, there are likely other victims that have not yet been identified. "They're possibly using this framework elsewhere, but we're not [able to see] in those organizations. It would be highly unusual for a malware set that looks like this to be for" a single use, said Kurt Baumgartner, principal security researcher with Kaspersky Lab, in an interview last week at the Kaspersky Security Analyst Summit in Singapore, where the company shared its findings on TajMahal.
