Chinese State-Backed Hackers Exposed: Phantom Taurus Uses Unique Malware to Target Governments
Cybersecurity experts have discovered a sophisticated Chinese state-aligned hacking group, Phantom Taurus, which has been active for over 2.5 years. The group uses unique tactics and techniques, including a previously undetected .NET malware suite named Net-Star, to maintain long-term access to its targets.
Phantom Taurus has been focusing on foreign ministries, embassies, geopolitical events, and military operations. It is a previously undocumented Chinese state-aligned cyber espionage group whose activity is linked to long-term intelligence collection supporting the geopolitical interests of the People's Republic of China. It targets governments and critical ministries across Africa, the Middle East, and Asia.
The group's custom-developed tools include the Net-Star malware suite, which targets IIS web servers. Net-Star includes three web backdoors: IIServerCore, AssemblyExecuter V1, and AssemblyExecuter V2, enabling stealthy, persistent attacks against internet-facing servers. In early 2025, the APT shifted its tactics, moving from stealing emails to targeting databases using a script named mssq.bat.
Phantom Taurus, a China-linked APT, targets government and telecom organizations for espionage using Net-Star malware. The group's unique tactics and techniques, along with its custom-developed tools, pose a significant threat to global cybersecurity. Further investigation is needed to mitigate the risks associated with this advanced persistent threat.