Chinese APT ‘Phantom Taurus’ Targeting Organizations With Net-Star Malware
securityweek
A Chinese state-sponsored hacking group tracked as ‘Phantom Taurus’ has been targeting government and telecommunications organizations for espionage for more than two years, Palo Alto Networks reports.
Initially observed in 2023, the APT was only recently linked to Chinese hacking groups through shared infrastructure, as its tactics, techniques and procedures (TTPs) differ from those typically associated with threat actors operating out of China.
“These enable the group to conduct highly covert operations and maintain long-term access to critical targets,” says Palo Alto Networks.
The group, the cybersecurity firm explains, uses shared operational infrastructure exclusive to Chinese APTs, and targets high-value organizations (such as ministries of foreign affairs and embassies), in line with China’s economic and geopolitical interests.
What sets Phantom Taurus apart, however, is the use of a different set of TTPs, some unique to the group, such as its Specter and Net-Star malware families, and the Ntospy malware ...