Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Mysterious Hackers Hid Their Swiss Army Spyware for 5 Years

From: InfoSec News <alerts () infosecnews org>
Date: Wed, 10 Apr 2019 07:53:10 +0000 (UTC)
https://www.wired.com/story/tajmahal-swiss-army-spyware-apt/

By Andy Greenberg
Wired.com
April 9, 2019
IT'S NOT EVERY day that security researchers discover a new state-sponsored hacking group. Even rarer is the emergence of one whose spyware has 80 distinct components, capable of strange and unique cyberespionage tricks—and who's kept those tricks under wraps for more than five years.
In a talk at the Kaspersky Security Analyst Summit in Singapore Wednesday, Kaspersky security researcher Alexey Shulmin revealed the security firm's discovery of a new spyware framework—an adaptable, modular piece of software with a range of plugins for distinct espionage tasks—that it's calling TajMahal. The TajMahal framework's 80 modules, Shulmin says, comprise not only the typical keylogging and screengrabbing features of spyware, but also never-before-seen and obscure tricks. It can intercept documents in a printer queue, and keep track of "files of interest," automatically stealing them if a USB drive is inserted into the infected machine. And that unique spyware toolkit, Kaspersky says, bears none of the fingerprints of any known nation-state hacker group.
"Such a large set of modules tells us that this APT is extremely complex," Shulmin wrote in an email interview ahead of his talk, using the industry jargon—short for advanced persistent threat—to refer to a sophisticated hackers who maintain long-term and stealthy access to victim networks. "TajMahal is an extremely rare, technically advanced and sophisticated framework, which includes a number of interesting features we have not previously seen in any other APT activity. Coupled with the fact that this APT has a completely new code base—there are no code similarities with other known APTs and malware—we consider TajMahal to be special and intriguing." 

[...]


--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
Previous By Date Next
Previous By Thread Next

Current thread: