All news with #cortex xdr tag
Tue, September 30, 2025
Phantom Taurus: NET-STAR .NET IIS Backdoor Revealed
🔍 Unit 42 documents a newly designated Chinese-aligned threat actor, Phantom Taurus, which uses a previously undocumented .NET malware suite called NET-STAR to target IIS web servers. The actor focuses on government and telecommunications organizations across the Middle East, Africa and Asia and has shifted from email theft to direct database exfiltration. The report outlines the suite's technical behaviors, including in-memory fileless execution, and gives mitigation guidance covering Palo Alto Networks protections.