All news with #advanced persistent threat tag

Phantom Taurus: NET-STAR .NET IIS Backdoor Revealed

🔍 Unit 42 documents a newly designated Chinese-aligned threat actor, Phantom Taurus, which uses a previously undocumented .NET malware suite called NET-STAR to target IIS web servers. The actor focuses on government and telecommunications organizations across the Middle East, Africa and Asia and has shifted from email theft to direct database exfiltration. The report outlines technical behaviors, in-memory fileless execution, and mitigation guidance for Palo Alto Networks protections.

Unit 42 Attribution Framework: Systematic Attribution

🔎 Unit 42's Attribution Framework defines a structured, repeatable process for linking observed cyber activity to clusters, temporary groups, or formally named threat actors. It pairs the Diamond Model with the Admiralty System to score source reliability and information credibility, guiding analysts through minimum standards, naming conventions, and promotion criteria to reduce premature attribution.