Subj : Chinese hackers hit gover
To   : All
From : Mike Powell
Date : Thu Oct 02 2025 09:36 am

Chinese hackers hit government systems, stealing emails and more - here's
what we know

Date:
Wed, 01 Oct 2025 12:02:00 +0000

Description:
Say hi to Phantom Taurus - a newly discovered Chinese state-sponsored
cyberespionage group.

FULL STORY

Chinese state-sponsored threat actors named Phantom Taurus have been seen
targeting email communications and databases belonging to different countries
in the Middle East and South Asia with brand new malware .

Security researchers from Unit 42 have been tracking the threat actor for
years, and have come to the conclusion the attackers were sponsored by China,
based on a combination of technical indicators, targeting patterns, and
strategic alignment.

The experts observed the group targeting ministries of foreign affairs,
embassies, and government entities, all typical victims of nation-state
intelligence operations.

Sharing infrastructure

The group also used custom backdoor malware called NET-STAR which was
sophisticated in the way only a nation-state could develop.

The NET-STAR malware suite demonstrates Phantom Taurus advanced evasion
techniques and a deep understanding of .NET architecture, representing a
significant threat to internet-facing servers, the researchers explained.

Phantom Taurus also apparently shares infrastructure, malware traits, and
tactics with known Chinese APTs, particularly BackdoorDiplomacy. C2 domains,
malware loaders, and similar spear-phishing techniques, all made Unit 42
deduce Phantom Taurus was a Chinese actor.

They have now placed it next to other tauruses - Iron Taurus, Starchy Taurus,
and Stately Taurus. The latter is also known as Mustang Panda and is a widely
known threat actor, who was seen targeting Microsoft tools, cloud services,
and more.

Unfortunately, we dont know exactly how Phantom Taurus infects its victims
with NET-STAR. We can only assume it includes the usual tactics such as
spear-phishing or zero-day vulnerability abuse. We do know, however, that its
victims are located in Afghanistan and Pakistan.

China, as usual, denies any wrongdoing or any involvement in cyberattacks or
cyber-espionage, and instead accuses the United States of being the worlds
biggest cyber-bully.

Via The Register

======================================================================
Link to news story:
https://www.techradar.com/pro/security/chinese-hackers-hit-government-systems-
stealing-emails-and-more-heres-what-we-know

$$
--- SBBSecho 3.28-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)

You are viewing proxied material from vert.synchro.net. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.