Phantom Taurus: A New Chinese Nexus APT and the Discovery of the NET-STAR Malware Suite

Published 30/09/2025 17:21 · Modified 30/09/2025 20:12

Essential information

Tags
2025-09-30, africa, asia, assemblyexecuter, china chopper, chinese apt, database targeting, espionage, gh0st rat, government, iis backdoor, iiservercore, middle east, net-star, ntospy, plugx, specter, telecommunications
Related entities
4 observables, 1 intrusion set (APT), 16 techniques (MITRE), 4 others

Description

Phantom Taurus is a newly identified Chinese state-sponsored threat actor that has been targeting government and telecommunications organizations across Africa, the Middle East, and Asia. Its primary targets are ministries of foreign affairs, embassies, and military operations, with the aim of collecting sensitive information. Phantom Taurus uses distinctive tactics, techniques, and procedures, including a previously undocumented malware suite named NET-STAR. The suite consists of three web-based backdoors built to run on Internet Information Services (IIS) web servers. The group has recently shifted from collecting emails to querying databases directly, showing its ability to adapt and evolve its methods. Phantom Taurus' activities align with Chinese strategic interests, and its infrastructure overlaps with that of other known groups.
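The description says the NET-STAR backdoors live on IIS web servers but gives no file names, hashes or module names, so the following triage script is an added example written for this page, not code from the report or from the threat actor. It assumes it is run elevated on the IIS host itself with the built-in WebAdministration module available, and it hunts for what any IIS-resident backdoor needs rather than for NET-STAR specifically: a native module loaded by IIS from an unusual path or without a valid Authenticode signature, a server-wide managed module whose type is not a Microsoft one, and child processes of the w3wp.exe worker process. The path and type checks produce review items, not verdicts; legitimate third-party modules will show up there and must be cleared by hand.

```powershell
# Added example (not from the Phantom Taurus report): generic IIS backdoor triage.
# Assumes: run as Administrator on the IIS server, WebAdministration module present.
Import-Module WebAdministration -ErrorAction Stop

$inetsrv  = Join-Path $env:windir 'System32\inetsrv'
$findings = @()

# 1. Native (global) modules: each Image is a DLL that IIS loads into w3wp.exe.
#    Flag an invalid/missing signature, or a DLL living outside %windir% and %ProgramFiles%.
foreach ($m in Get-WebGlobalModule) {
    $path = [Environment]::ExpandEnvironmentVariables($m.Image)
    $sig  = if (Test-Path $path) { (Get-AuthenticodeSignature $path).Status } else { 'FileMissing' }
    $trustedRoot = $path.StartsWith($env:windir, 'OrdinalIgnoreCase') -or
                   $path.StartsWith($env:ProgramFiles, 'OrdinalIgnoreCase')
    if ($sig -ne 'Valid' -or -not $trustedRoot) {
        $findings += [pscustomobject]@{ Kind = 'GlobalModule'; Name = $m.Name; Detail = "$path ($sig)" }
    }
}

# 2. Server-wide managed modules (<system.webServer><modules> in applicationHost.config):
#    a managed backdoor only needs a type name and an assembly IIS can resolve.
$modules = (Get-WebConfiguration -Filter 'system.webServer/modules' -PSPath 'MACHINE/WEBROOT/APPHOST').Collection
foreach ($m in $modules) {
    if ($m.type -and $m.type -notmatch '^(System\.|Microsoft\.)') {
        $findings += [pscustomobject]@{ Kind = 'ManagedModule'; Name = $m.name; Detail = $m.type }
    }
}

# 3. Child processes of w3wp.exe: a healthy worker process rarely spawns anything,
#    so cmd.exe, powershell.exe or database clients under it deserve a look.
$w3wp = Get-CimInstance Win32_Process -Filter "Name='w3wp.exe'"
if ($w3wp) {
    $ids = @($w3wp.ProcessId)
    Get-CimInstance Win32_Process | Where-Object { $_.ParentProcessId -in $ids } | ForEach-Object {
        $findings += [pscustomobject]@{ Kind = 'W3wpChild'; Name = $_.Name; Detail = $_.CommandLine }
    }
}

if ($findings) { $findings | Format-Table -AutoSize } else { 'No review items from the three checks.' }
```

Run it once on a known-good build of the same server and keep the output; diffing against that baseline is far faster than clearing every third-party module by hand, and it also catches a module that was present but has since been replaced by an unsigned copy.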

External references