Researchers have identified a new Chinese state-sponsored threat actor called Phantom Taurus, which has targeted government and telecom sectors in Africa, the Middle East, and Asia for over two years. The group uses custom malware like NET-STAR and employs advanced tactics to steal sensitive information and directly access databases. #PhantomTaurus #ChinaCyberEspionage #APT27 #Winnti
Key points
- Phantom Taurus is a newly identified Chinese state-aligned threat actor active for more than two years.
- The group primarily targets government and telecommunications organizations in Africa, the Middle East, and Asia.
- It employs unique tools such as Specter malware, Ntospy, and the NET-STAR malware suite for espionage activities.
- Phantom Taurus has shifted focus from email theft to directly targeting databases using malicious scripts.
- The threat actor demonstrates advanced stealth techniques, including timestomping and in-memory operations, to evade detection.