A China-aligned nation-state actor named Phantom Taurus has targeted government and telecom organizations across Africa, the Middle East, and Asia for espionage over the past two-and-a-half years. The group utilizes sophisticated custom tools like the NET-STAR malware suite and exploits vulnerabilities in IIS and Microsoft Exchange servers. #PhantomTaurus #OperationDiplomaticSpecter
Key points
- Phantom Taurus primarily aims to conduct long-term espionage on governmental entities and diplomatic communications.
- The group has demonstrated stealth, persistence, and quick adaptation of tactics and techniques.
- They employ custom-developed tools, including the NET-STAR malware suite, which targets IIS web servers.
- The threat actor has exploited known vulnerabilities like ProxyLogon and ProxyShell to infiltrate networks.
- Recent operations involve targeted database searches and advanced evasion techniques, such as timestomping.
Read More: https://thehackernews.com/2025/09/phantom-taurus-new-china-linked-hacker.html