Phantom Taurus: New Cyber Espionage Group Targets Governments Worldwide
A new cyber espionage group, dubbed Phantom Taurus, has been active since at least 2022. Little is known about the organization behind it, but its operations align with Chinese state interests.
Phantom Taurus focuses on ministries of foreign affairs, embassies, geopolitical events, and military operations. Its targets include government and telecommunications organizations across Africa, the Middle East, and Asia. The group employs unique tactics, techniques, and procedures (TTPs), including the Specter malware family, Ntospy, and NET-STAR. It uses living-off-the-land techniques and an operational infrastructure exclusive to Chinese threat actors. Phantom Taurus has shifted tactics over time, recently targeting SQL Server databases for data theft using a custom batch script (mssq.bat).
The group uses a new, undocumented .NET malware suite called NET-STAR, which comprises three distinct web-based backdoors serving specific roles in the attack chain while maintaining persistence. Phantom Taurus conducts long-term intelligence collection operations to obtain sensitive information.
Phantom Taurus, active since 2022, poses a significant threat to governments and telecommunications organizations worldwide. Despite limited information about its organizational backing, its tactics and targets align with Chinese state interests. Security experts urge vigilance and proactive defense against this evolving cyber espionage group.