Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2019/04/tajmahal_spywar.html
The TajMahal framework’s 80 modules, Shulmin says, comprise not only the typical keylogging and screengrabbing features of spyware, but also never-before-seen and obscure tricks. It can intercept documents in a printer queue, and keep track of “files of interest,” automatically stealing them if a USB drive is inserted into the infected machine. And that unique spyware toolkit, Kaspersky says, bears none of the fingerprints of any known nation-state hacker group.
It was found on the servers of an “embassy of a Central Asian country.” No speculation on who wrote and controls it.