Sophisticated TajMahal Spying Framework has Eyes on Asia

An unknown threat group is using a sophisticated cyber-espionage platform known as TajMahal to steal information from a diplomatic entity in Central Asia [1]. TajMahal consists of a first-stage backdoor called Tokyo, which delivers the second-stage Yokohama payload containing at least 80 modules. The modular malware can collect data about the victim, index file systems including external drives, steal files from optical disc images burned by the victim, take screenshots and record VoIP calls, and intercept documents in the print queue. TajMahal, which has been developed and deployed since 2013, is believed to have targeted other victims but was not detected until recently.

[1] Project TajMahal – A Sophisticated New APT Framework

