Security researchers at Kaspersky Lab have discovered a highly sophisticated spyware framework that operated undetected for more than five years.
The malware, dubbed “TajMahal,” is built from roughly 80 distinct modules and uses spyware techniques that had not been documented before. It is also assessed to be the work of a state-sponsored group, yet its code shows no overlap with any known threat actor.
Because the threat effectively remained hidden since 2013, it raises some pointed questions for the security community: who is behind TajMahal, what is it used for, and how did it stay undetected for so long?
An Unknown Creator
Little is known about TajMahal’s creators beyond the fact that their tooling does not resemble any previously seen technique.
No one has claimed the malware since its discovery, and nothing in it clearly points to an owner. Even the name is incidental: TajMahal is named after the file it uses to exfiltrate stolen data from infected machines.
The operators are clearly sophisticated, having stayed inside a network for years without being noticed. TajMahal itself is a highly advanced technical framework built on its own original code base.
Because it shows no known similarities to other groups or to past attacks, the spyware’s unknown origin has security researchers intrigued.
Many Possible Applications
TajMahal is a versatile spyware framework that performs a wide range of espionage tasks.
For instance, TajMahal can steal documents sent to the print queue, collect data written to CDs burned on the victim’s machine, and grab files from USB drives connected to infected hardware. Those features may not sound overtly sinister at first, but they target exactly the kind of data that is valuable to steal.
To date, this spyware has been found on only one known target network: a diplomatic entity of a Central Asian country whose name has not been disclosed.
Given the scope and sophistication of the malware, however, it is highly unlikely that this embassy is the only TajMahal victim. Tooling of this kind requires a large investment, which makes additional targets all but certain.
Operating Under the Radar
The earliest known TajMahal samples date from 2013, and the framework was first detected in autumn 2018. That is a remarkably long time for any malware to operate without detection.
Such a low profile points to extreme caution on the part of the state sponsor believed to be behind the spyware: to stay hidden that long, TajMahal must have been deployed sparingly and with tightly controlled targeting. Nor was it dormant; its modules show repeated revisions between 2013 and 2018.
Unfortunately, with their tracks this well covered, little can be determined about the group. The one known embassy victim could have been targeted by any of several actors with interests in Central Asia, from China to Russia to Iran; with so little information available, the perpetrators could be almost anywhere.