New China-Linked Cyber Threat Group Phantom Taurus Targets Military, Diplomats

Phantom Taurus, active since 2022, has been targeting military and diplomatic entities worldwide. Its advanced malware tools and stealthy tactics pose a significant threat to internet-facing servers.


Cybersecurity experts have identified a new threat group, Phantom Taurus, active since 2022 and attributed to China. The group, known for its sophisticated malware tools, has been targeting military and diplomatic entities worldwide, raising significant concerns.

Phantom Taurus initially focused on email systems but has since shifted to database attacks using stolen credentials. The group employs a new malware suite, NET-STAR, designed to target Internet Information Services (IIS) web servers. NET-STAR includes three backdoors - IIServerCore, AssemblyExecuter V1, and AssemblyExecuter V2 - to evade detection.

The group, believed to be state-supported, has targeted entities in Asia, the Middle East, and Africa. Phantom Taurus has been observed seeking specific documents and information related to countries like Afghanistan and Pakistan. Their activities have been so stealthy that Google has issued 'State-backed attack in progress' warnings.

Phantom Taurus, a significant threat to internet-facing servers, is known for its advanced evasion techniques and minimal detection by antivirus engines. The group's activities highlight the importance of robust cybersecurity measures to protect sensitive information and diplomatic communications.
