Subj : Chinese hackers hit gover To : All From : Mike Powell Date : Thu Oct 02 2025 09:36:27 Chinese hackers hit government systems, stealing emails and more - here's what we know Date: Wed, 01 Oct 2025 12:02:00 +0000 Description: Say hi to Phantom Taurus - a newly discovered Chinese state-sponsored cyberespionage group. FULL STORY Chinese state-sponsored threat actors named Phantom Taurus have been seen targeting email communications and databases belonging to different countries in the Middle East and South Asia with brand new malware . Security researchers from Unit 42 have been tracking the threat actor for years, and have come to the conclusion the attackers were sponsored by China, based on a combination of technical indicators, targeting patterns, and strategic alignment. The experts observed the group targeting ministries of foreign affairs, embassies, and government entities, all typical victims of nation-state intelligence operations. Sharing infrastructure The group also used custom backdoor malware called NET-STAR which was sophisticated in the way only a nation-state could develop. The NET-STAR malware suite demonstrates Phantom Taurus advanced evasion techniques and a deep understanding of .NET architecture, representing a significant threat to internet-facing servers, the researchers explained. Phantom Taurus also apparently shares infrastructure, malware traits, and tactics with known Chinese APTs, particularly BackdoorDiplomacy. C2 domains, malware loaders, and similar spear-phishing techniques, all made Unit 42 deduce Phantom Taurus was a Chinese actor. They have now placed it next to other tauruses - Iron Taurus, Starchy Taurus, and Stately Taurus. The latter is also known as Mustang Panda and is a widely known threat actor, who was seen targeting Microsoft tools, cloud services, and more. Unfortunately, we dont know exactly how Phantom Taurus infects its victims with NET-STAR. We can only assume it includes the usual tactics such as spear-phishing or zero-day vulnerability abuse. We do know, however, that its victims are located in Afghanistan and Pakistan. China, as usual, denies any wrongdoing or any involvement in cyberattacks or cyber-espionage, and instead accuses the United States of being the worlds biggest cyber-bully. Via The Register ====================================================================== Link to news story: https://www.techradar.com/pro/security/chinese-hackers-hit-government-systems- stealing-emails-and-more-heres-what-we-know $$ --- SBBSecho 3.28-Linux * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105) .