TajMahal, a sophisticated APT framework, was recently discovered by researchers and is estimated to have been operational since 2013. Security firm Kaspersky Lab, which detected recent activity related to TajMahal, reported that it consists of two distinct packages, named Tokyo and Yokohama.
Furthermore, the researchers found that the framework carries around 80 plugins stored in an encrypted Virtual File System (VFS).
Why does it matter - Kaspersky Lab emphasized that the number of plugins found in this APT framework is among the highest they have encountered.
“The huge amount of plugins that implement a number of features is something we have never before seen in any other APT activity. For example, it has its own indexer, emergency C2s, is capable of stealing specific files from external drives when they become available again, etc,” the researchers wrote in a blog.
As of now, Kaspersky estimates, based on its telemetry, that only one victim has been impacted by TajMahal.