- Phantom Taurus targeted diplomatic targets in South Asia and the Middle East using Net-Star malware
- Unit 42 Attributes Group to China Based on Tactics, Infrastructure and Strategic Targeting
- Victims include Afghanistan and Pakistan – and more may come
A Chinese state-sponsored threat actor tracked as Phantom Taurus has been observed targeting the email communications and databases of several governments in the Middle East and South Asia with a previously unseen malware suite.
Unit 42 security researchers have tracked the group for years and have concluded that it is sponsored by China, based on a combination of technical indicators, targeting patterns and strategic adaptation.
The researchers observed the group targeting ministries of foreign affairs, embassies and other government bodies, all typical targets of nation-state intelligence operations.
Shared infrastructure
The group also used a custom backdoor suite called Net-Star, whose sophistication the researchers say is characteristic of nation-state development.
“The Net-Star malware package demonstrates Phantom Taurus’ advanced evasion techniques and a deep understanding of .NET architecture, representing a significant threat to internet-facing servers,” the researchers explained.
Phantom Taurus also appears to share infrastructure, malware traits and tactics with well-known Chinese APTs, in particular BackdoorDiplomacy. Shared C2 domains, malware loaders and similar spear-phishing techniques all led Unit 42 to conclude that Phantom Taurus is a Chinese actor.
Unit 42 has now placed it alongside the other “Tauruses” in its naming scheme: Iron Taurus, Starchy Taurus and Stately Taurus. The last of these is also known as Mustang Panda, a widely known threat actor that has been seen targeting Microsoft tools, cloud services and more.
Unfortunately, we do not know exactly how Phantom Taurus infects its victims with Net-Star. We can only assume that it relies on the usual tactics, such as spear-phishing or the exploitation of zero-day vulnerabilities. We do know, however, that its victims include organizations in Afghanistan and Pakistan.
China, as usual, denies any wrongdoing or involvement in cyber attacks or cyber espionage, and instead accuses the United States of being the world’s largest “cyber-bully”.
Via The Register