A Kaspersky Lab announces the discovery of a sophisticated cyberspace infrastructure that has been active since 2013 and appears to be disconnected from known hackers.
The infrastructure is named "TajMahal"Includes 80 malicious modules and features never before seen in advanced persistent threats such as information theft on printers and USB devices. So far, Kaspersky Lab has identified an embassy in Central Asia as the only victim, but it is very likely that other entities have been affected.
Kaspersky Lab researchers discovered the TajMahal at the end of 2018. It is a technically sophisticated APT framework designed for extensive cyberspace. The malware analysis shows that the platform has been developed and used for at least the last five years, with the oldest sample from April 2013 and the latest August 2018. The name TajMahal comes from the name of the file used to exfiltrate the stolen data.
"TajMahal" is also able to steal browser cookies, collect the mobile device Apple Lossless Audio CODEC (ALAC),, steal data from a victim-recorded CD, as well as documents that are in the queue of a printer. You can also request the theft of a specific file previously viewed on flash drives, and it will be stolen the next time you connect it to the computer's USB port.
To avoid being the victim of an attack directed by a known or unknown hacker, Kaspersky Lab researchers recommend the implementation of the following measures:
- Use advanced security tools such as the Kaspersky Anti Targeted Attack Platform (KATA), and make sure your security team has access to the latest intelligence on cyber threats.
- Be sure to update all the software used in your organization regularly, especially when a new security patch is released. Security products with vulnerability assessment and patch management capabilities can help automate these processes.
- Choose a proven security solution such as Kaspersky Endpoint Security equipped with behavior-based detection capabilities for effective protection against known and unknown threats, including exploits.
- Make sure your team understands the basic hygiene of cyber security, since many targeted attacks start with phishing or another social engineering technique.
