All news with #net-star tag

Phantom Taurus: China-Aligned Hackers Target State, Telecom

🔍Phantom Taurus, newly designated by Unit 42, is a China-aligned cyber-espionage group that has targeted government and telecommunications organizations across Africa, the Middle East and Asia for at least two and a half years. Researchers traced the activity from earlier cluster tracking through a 2024 campaign codename, noting a 2025 elevation to a distinct group. Phantom Taurus has shifted from email-server exfiltration to directly querying SQL Server databases via a custom mssq.bat executed over WMI, and deploys a previously undocumented .NET IIS malware suite dubbed NET-STAR.

Phantom Taurus: China-linked APT Targets Diplomacy

🔍 Palo Alto Networks Unit 42 has attributed a two-and-a-half-year campaign of espionage to a previously undocumented China-aligned actor dubbed Phantom Taurus, which has targeted government and telecommunications organizations across Africa, the Middle East, and Asia. The group uses a bespoke .NET malware suite called NET-STAR to compromise Internet Information Services (IIS) web servers and maintain stealthy access. Observed techniques include exploitation of on-premises IIS and Microsoft Exchange flaws, in-memory payload execution, timestomping and AMSI/ETW bypasses, enabling persistent data collection tied to geopolitical events.