Chinese APT Phantom Taurus Targeted MS Exchange Servers Over 3 Years

Cybersecurity researchers at Palo Alto Networks’ Unit 42 say Chinese APT Phantom Taurus breached Microsoft Exchange servers for years using a backdoor to spy on diplomats and defense data.

Researchers at Palo Alto Networks say a Chinese-linked cyberespionage group has been targeting foreign ministries, embassies, and military-related communications by breaking into Microsoft Exchange email servers.

The group, named Phantom Taurus by the company’s threat intelligence team, has been tracked for nearly three years. Researchers say the hackers gained access to Exchange systems and specifically searched for communications connected to embassies, military operations, and diplomatic events.

Unit 42 links Phantom Taurus to Chinese state-backed hacking groups, pointing to infrastructure overlaps with well-known teams such as Mustang Panda and Winnti.

Targeting Diplomats For Sensitive Data

Unit 42 reported that Phantom Taurus’ operations focus heavily on ministries of foreign affairs, embassies, and organizations with access to defense and geopolitical intelligence. Investigators noted ...