Kaspersky: TajMahal is a rare spyware framework, comprising 80 malicious modules with unique functions and unknown affiliation

Researchers at Kaspersky Lab have discovered an advanced cyber-espionage framework that has most likely been active since before 2013, with no clear links to any known threat actor on the global security scene.

The discovered framework, which the researchers named TajMahal, includes 80 malicious modules with functions never before seen in advanced persistent threats, such as the ability to steal documents from a printer's print queue, and to retrieve files previously seen on a removable USB storage device once that device is connected to the machine again. Kaspersky Lab has so far detected only one victim of this framework, a diplomatic entity belonging to a Central Asian state, but the company considers it likely that others have been affected.

The researchers found TajMahal in late 2018. It is a technically advanced APT framework that carries out comprehensive cyber-espionage operations.

Analysis of the malware shows that the framework has been developed and used for at least the past five years: the oldest sample dates back to April 2013, while the most recent was dated last August. The name TajMahal, chosen by the researchers, comes from the unique file name used for the stolen data.

The researchers believe the framework consists of two main packages, named Tokyo and Yokohama. Tokyo is the smaller, first-stage package: it contains about three modules, including the main backdoor functionality, and communicates regularly with the command and control servers. Tokyo makes use of the PowerShell scripting language and remains on the network even after the intrusion moves on to its second stage, the Yokohama package.


The second stage (Yokohama) is a fully equipped spying framework. It includes a virtual file system (VFS) containing all the plugins, third-party open-source libraries and configuration files it needs. This package holds nearly 80 modules, including loaders, orchestrators, command and control communicators, audio recorders, keyloggers, screen and webcam grabbers, and document and cryptography key stealers.

TajMahal can also obtain cookies saved in the browser, collect the backup list of Apple mobile devices, steal data from a CD burned by the victim, and steal documents from the printer queue. The framework can also "request" the theft of a specific file previously seen on a removable drive; the file is taken once that drive is connected to the victim's machine via USB again.

All the infected systems found by Kaspersky Lab carried both Tokyo and Yokohama. This suggests that Tokyo was used for the first-stage infection, deployed the fully functional Yokohama package on the victims, and was then left in place for backup purposes.

So far only one victim has been observed: a diplomatic entity belonging to a Central Asian state, infected around 2014. The distribution and infection vector of TajMahal, however, is currently unknown.

Alexey Shulmin, lead malware analyst at Kaspersky Lab, described the TajMahal framework as a "very interesting" discovery, adding that it is technically "highly sophisticated" and has functions "never seen before" in an advanced threat. He pointed, however, to unanswered questions about the framework, since the actor behind it has "invested a lot of resources into attacking only one victim," and added: "This suggests that there are probably other victims that have not yet been identified, or additional versions of this malware still in the wild, or possibly both."

Shulmin also pointed out that the distribution vector and the threat itself had remained "unknown until now", having somehow stayed hidden for more than five years, and concluded: "This raises many questions about why, whether due to relative inactivity or for some other reason. There is nothing at this point that allows us to attribute this framework to anyone; there are no links to any of the known threat groups."

Kaspersky Lab notes that all of its products successfully detect and block this threat. To avoid falling victim to targeted attacks by known or unknown threat actors, the researchers recommend using advanced security tools such as the Kaspersky Anti Targeted Attack Platform (KATA) and ensuring that corporate security teams have access to the latest threat intelligence.

The researchers also recommend ensuring that all software used in the enterprise is updated regularly, especially as soon as vendors release patches for security bugs. Security products with vulnerability assessment and patch management capabilities can help automate this process.

It is also advised to ensure that staff understand basic cyber-security principles, as many attacks start with phishing attempts and other social engineering methods.
