Chinese APT 'Phantom Taurus' Targeting Organizations With Net-Star Malware
"A Chinese state-sponsored hacking group tracked as 'Phantom Taurus' has been targeting government and telecommunications organizations for espionage for more than two years, Palo Alto Networks reports. Initially observed in 2023, the APT was only recently linked to Chinese hacking groups through shared infrastructure, as its tactics, techniques and procedures (TTPs) differ from those typically associated with threat actors operating out of China. 'These enable the group to conduct highly covert operations and maintain long-term access to critical targets,' says Palo Alto Networks."
"In 2025, the group started using Net-Star, a .NET malware suite targeting IIS web servers, which consists of three web-based backdoors: IIServerCore (a fileless backdoor) and two AssemblyExecuter variants (.NET malware loaders). The IIServerCore backdoor operates entirely in memory. It can receive and execute payloads and arguments, and can send the result to the command-and-control (C&C) server. It supports built-in commands to perform file system operations, access databases, execute arbitrary code, manage web shells, evade and bypass security solutions, load payloads directly i"
Phantom Taurus is a Chinese state-sponsored APT that has conducted espionage against government and telecommunications organizations for over two years. The group was first observed in 2023 and was linked to Chinese operators through shared operational infrastructure despite differing tactics, techniques and procedures. Targets include ministries of foreign affairs, embassies, email servers and databases across Africa, the Middle East and Asia. Tools include Specter, Net-Star, Ntospy, China Chopper, the Potato suite and Impacket. Net-Star is a .NET malware suite introduced in 2025 that targets IIS web servers with three web-based backdoors. The IIServerCore backdoor runs entirely in memory, executes payloads, and communicates results to a C&C server while providing file system, database and evasion capabilities.
Read at SecurityWeek