A Chinese state-sponsored hacking group called Phantom Taurus has been conducting covert espionage operations targeting government and telecom organizations worldwide. The group uses unique malware families like Specter, Net-Star, and Ntospy, leveraging shared infrastructure to evade detection. #PhantomTaurus #ChineseApt
Key points
- Phantom Taurus has targeted high-value governmental and communication organizations for over two years.
- The group uses distinct TTPs and malware, including Specter, Net-Star, and Ntospy, setting it apart from typical Chinese APTs.
- It targets email servers and databases in Africa, the Middle East, and Asia to gather intelligence.
- Net-Star malware targets IIS web servers with various backdoors, including the memory-only IIServerCore backdoor.
- The group’s operations often coincide with major geopolitical events, indicating strategic timing.