New Chinese Nexus APT Group Targeting Organizations to Deploy NET-STAR Malware Suite

China-linked advanced persistent threat (APT) group Phantom Taurus has intensified espionage operations against government and telecommunications targets across Africa, the Middle East, and Asia, deploying a newly discovered .NET malware suite called NET-STAR.

First tracked by Unit 42 in June 2023 as cluster CL-STA-0043 and temporarily designated TGR-STA-0043 (Operation Diplomatic Specter) in May 2024, the group has now been formally mature as a distinct threat actor aligned with People’s Republic of China (PRC) state interests.

Over the past two and a half years, Phantom Taurus campaigns have consistently targeted ministries of foreign affairs, embassies, and entities involved in geopolitical events and military operations.

The actor’s victimology aligns with PRC strategic priorities, focusing on diplomatic communications, defense-related intelligence, and critical government functions in regions where China seeks influence and insight.

Distinctive Tactics, Techniques, and Procedures

While many Chinese APTs employ ...