Chinese Cyber-Espionage Group 'Phantom Taurus' Targets Governments Worldwide
Cybersecurity researchers have uncovered a China-based cyber-espionage group, dubbed 'Phantom Taurus', active since at least 2022. The group has been targeting government and telecommunications organizations across Africa, the Middle East, and Asia, aligning with Chinese state interests and focusing on obtaining sensitive information.
Phantom Taurus employs a unique set of tactics, techniques, and procedures (TTPs), including the use of the Specter malware family, Ntospy, and NET-STAR. The group relies on living-off-the-land techniques and on operational infrastructure used exclusively by Chinese threat actors. Recently, it has shifted tactics to target SQL Server databases directly for data theft, using a custom batch script (mssq.bat).
The group's activities have been conducted through long-term intelligence collection operations against high-value targets. These include ministries of foreign affairs, embassies, and military operations. The NET-STAR suite, comprising three distinct web-based backdoors, maintains persistence within the target's IIS environment.
Phantom Taurus's activities, aligned with Chinese state interests, pose a significant threat to global cybersecurity. The group's use of advanced malware and tactics highlights the need for robust cyber defence strategies. Research into the group is ongoing to mitigate its impact and protect sensitive information.