- Phantom Taurus targeted diplomatic entities in South Asia and the Middle East using NET-STAR malware
- Unit 42 attributes the group to China based on tactics, infrastructure, and strategic targeting
- Victims include Afghanistan and Pakistan – and more may be coming
Chinese state-sponsored threat actors named Phantom Taurus have been seen targeting email communications and databases belonging to different countries in the Middle East and South Asia with brand new malware.
Security researchers from Unit 42 have been tracking the threat actor for years, and have come to the conclusion the attackers were sponsored by China, based on a combination of technical indicators, targeting patterns, and strategic alignment.
The experts observed the group targeting ministries of foreign affairs, embassies, and government entities, all typical victims of nation-state intelligence operations.
Sharing infrastructure
The group also used custom backdoor malware called NET-STAR which was sophisticated in the way only a nation-state could develop.
“The NET-STAR malware suite demonstrates Phantom Taurus’ advanced evasion techniques and a deep understanding of .NET architecture, representing a significant threat to internet-facing servers,” the researchers explained.
Phantom Taurus also apparently shares infrastructure, malware traits, and tactics with known Chinese APTs, particularly BackdoorDiplomacy. C2 domains, malware loaders, and similar spear-phishing techniques, all made Unit 42 deduce Phantom Taurus was a Chinese actor.
They have now placed it next to other “tauruses” – Iron Taurus, Starchy Taurus, and Stately Taurus. The latter is also known as Mustang Panda and is a widely known threat actor, who was seen targeting Microsoft tools, cloud services, and more.
Unfortunately, we don’t know exactly how Phantom Taurus infects its victims with NET-STAR. We can only assume it includes the usual tactics such as spear-phishing or zero-day vulnerability abuse. We do know, however, that its victims are located in Afghanistan and Pakistan.
China, as usual, denies any wrongdoing or any involvement in cyberattacks or cyber-espionage, and instead accuses the United States of being the world’s biggest “cyber-bully”.
Via The Register
You might also like
https://cdn.mos.cms.futurecdn.net/MPfrfBiAx7wKAix6yiWWUC-2560-80.jpg
Source link
