Tuesday, July 27, 2021
400 July

Pension 1500 gif

Shaheed 50 lakh gif

Kisan Karza 5.64 lakh gif

Kisan 48 hours gif

Ashirwad 51000 gif

Markfed New Gif

Innocent Admission

Rare spying platform TajMahal discovered after 5 years

- Advertisement -

New Delhi, April 16, 2019 –

Researchers with cyber security firm Kaspersky Lab have uncovered a sophisticated spying platform, TajMahal, that has been active for more than five years now and appears to be unconnected to any known threat actors.

The TajMahal framework features around 80 malicious modules and includes functionality never before seen in an advanced persistent threat, such as the ability to steal information from printer queues and to grab previously seen files from a USB device the next time it reconnects, the researchers said.

Kaspersky Lab has so far seen only one victim, a foreign-based central Asian embassy, but it is likely that others have been affected.

“It seems highly unlikely that such a huge investment would be undertaken for only one victim. This suggests that there are either further victims not yet identified, or additional versions of this malware in the wild, or possibly both,” said Alexey Shulmin, Lead Malware Analyst at Kaspersky Lab.

“The distribution and infection vectors for the threat also remain unknown. Somehow, it has stayed under the radar for over five years. Whether this is due to relative inactivity or something else is another intriguing question. There are no attribution clues nor any links we can find to known threat groups,” Shulmin added.

The name “TajMahal” comes from the name of the file used to exfiltrate the stolen data, Kaspersky Lab said.

The TajMahal framework is believed to include two main packages, self-named as “Tokyo” and “Yokohama”.

Tokyo is the smaller of the two, with around three modules. It contains the main backdoor functionality, and periodically connects with the command and control servers. Tokyo leverages PowerShell and remains in the network even after the intrusion has moved to stage two.

Stage two is the Yokohama package: a fully armed spying framework. Yokohama includes a Virtual File System (VFS) with all plug-ins, open source and proprietary third-party libraries, and configuration files. There are nearly 80 modules in all, and they include loaders, orchestrators, command and control communicators, audio recorders, keyloggers, screen and webcam grabbers, documents and cryptography key stealers.

TajMahal is also able to grab browser cookies, gather the backup list for Apple mobile devices, steal data from a CD burnt by a victim as well as documents in a printer queue, the researchers said.

It can also request the theft of a particular file from a previously seen USB stick, and the file will be stolen the next time the USB is connected to the computer.

The targeted systems found by Kaspersky Lab were infected with both Tokyo and Yokohama. This suggests that Tokyo was used as first stage infection, deploying the fully-functional Yokohama package on interesting victims, and then left in for backup purposes.  (Agency)

- Advertisement -

Yes Punjab - TOP STORIES

Punjab News

Sikh News

Transfers, Postings, Promotions

- Advertisement -spot_img

Stay Connected

20,369FansLike
111,894FollowersFollow

ENTERTAINMENT

National

GLOBAL

OPINION

Attack on Chinese in Pakistan

Who is behind the attack on Chinese in Pakistan – by Amjad Ayub Mirza

The deadly attack, carried out on July 15, on a coach carrying Chinese engineers to an under-construction tunnel site at the 4300 MW Dasu...
Coexistence

Coexistence, a unifying factor for Indians – by Asad Mirza

For most political parties, sociologists and psephologists what a common Indian on the street thinks matters most. It is an insight into a common...
Taliban Afghanistan

Taliban’s Next Stop: Kabul, Kashmir and Kerala – by Amjad Ayub Mirza

The speedy advance of the Taliban from northern Afghanistan to Kabul in the eastern section of the country could not have been achieved without...

SPORTS

Health & Fitness

Diabetes Check

Covid-19 may bring a new wave of diabetes: Study

New York, July 24, 2021- While diabetes is known to be a risk factor for severe Covid outcomes, researchers are now observing a new long-term health concern in patients hospitalised with Covid-19 -- an increase in new-onset hyperglycemia, or high levels of blood sugar lasting months after the infection. Researchers from the Boston Children's Hospital assessed the health of 551...

Gadgets & Tech

error: Content is protected !!