
Taj Mahal cyberespionage framework has been active since at least 2013

DECCAN CHRONICLE
Published Apr 16, 2019, 12:35 pm IST
Updated Apr 16, 2019, 12:35 pm IST
Malware analysis shows that the platform has been developed and used for at least the last five years, with the earliest sample dated April 2013, and the most recent August 2018.

Kaspersky Lab researchers have uncovered a technically sophisticated cyberespionage framework that has been active since at least 2013 and appears to be unconnected to any known threat actors. The framework, which researchers have named TajMahal, features around 80 malicious modules and includes functionality never before seen in an advanced persistent threat, such as the ability to steal information from printer queues and to grab previously seen files from a USB device the next time it reconnects. Kaspersky Lab has so far seen only one victim, a foreign-based central Asian embassy, but it is likely that others have been affected.

Kaspersky Lab researchers discovered TajMahal in late 2018. It is a technically sophisticated APT framework designed for extensive cyber espionage. Malware analysis shows that the platform has been developed and used for at least the last five years, with the earliest sample dated April 2013, and the most recent August 2018. The name TajMahal comes from the name of the file used to exfiltrate the stolen data.


The TajMahal framework is believed to include two main packages, self-named as ‘Tokyo’ and ‘Yokohama’.

Tokyo is the smaller of the two, with around three modules. It contains the main backdoor functionality, and periodically connects with the command and control servers. Tokyo leverages PowerShell and remains in the network even after the intrusion has moved to stage two.

Stage two is the Yokohama package: a fully armed spying framework. Yokohama includes a Virtual File System (VFS) with all plugins, open source and proprietary third-party libraries, and configuration files. There are nearly 80 modules in all, and they include loaders, orchestrators, command and control communicators, audio recorders, keyloggers, screen and webcam grabbers, and document and cryptography-key stealers.


TajMahal is also able to grab browser cookies, gather the backup list for Apple mobile devices, steal data from a CD burnt by a victim as well as documents in a printer queue. It can also request the theft of a particular file from a previously seen USB stick, and the file will be stolen the next time the USB is connected to the computer.

The targeted systems found by Kaspersky Lab were infected with both Tokyo and Yokohama. This suggests that Tokyo was used as the first-stage infection, deploying the fully functional Yokohama package on interesting victims, and then left in place as a backup.


So far, only one victim has been observed: a foreign-based, central Asian diplomatic entity, infected by 2014. The distribution and infection vectors for TajMahal are currently unknown.
