
Mysterious Hackers Hid Their Swiss Army Spyware for 5 Years


In a talk at the Kaspersky Security Analyst Summit in Singapore on Wednesday, Kaspersky security researcher Alexey Shulmin revealed the security firm's discovery of a new spyware framework—an adaptable, modular piece of software with a range of plugins for distinct espionage tasks—that it's calling TajMahal. Kaspersky says it first detected the TajMahal spyware framework last fall, on only a single victim's network: the embassy of a Central Asian country whose nationality and location Kaspersky declines to name. Shulmin says Kaspersky hasn't yet been able to connect TajMahal, named for a file the spyware uses to move stolen data off a victim's machine, to any known hacker group using the usual methods of code matching, shared infrastructure, or familiar techniques. Nor has Kaspersky determined how the hackers behind TajMahal gain initial access to a victim network. That backdoor uses the common hacking framework PowerShell to let the hackers spread their compromise, connect to a command-and-control server, and plant TajMahal's much more multifunctional payload spyware, labelled by the hackers as Yokohama, with its dozens of distinct modules.
