
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   CONSPRCY      How big is your tinfoil hat?      2,445 messages   


   Message 1,798 of 2,445   
   Mike Powell to All   
   Chinese hackers hit gover   
   02 Oct 25 09:36:27   
   
   TZUTC: -0500   
   MSGID: 1547.consprcy@1:2320/105 2d43c9f6   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   Chinese hackers hit government systems, stealing emails and more - here's    
   what we know   
      
   Date:   
   Wed, 01 Oct 2025 12:02:00 +0000   
      
   Description:   
   Say hi to Phantom Taurus - a newly discovered Chinese state-sponsored   
   cyberespionage group.   
      
   FULL STORY   
      
   Chinese state-sponsored threat actors named Phantom Taurus have been seen   
   targeting email communications and databases belonging to different countries   
   in the Middle East and South Asia with brand new malware.
      
   Security researchers from Unit 42 have been tracking the threat actor for   
   years, and have come to the conclusion the attackers were sponsored by China,   
   based on a combination of technical indicators, targeting patterns, and   
   strategic alignment.    
      
   The experts observed the group targeting ministries of foreign affairs,   
   embassies, and government entities, all typical victims of nation-state   
   intelligence operations.   
      
   Sharing infrastructure    
      
   The group also used custom backdoor malware called NET-STAR which was   
   sophisticated in the way only a nation-state could develop.    
      
   The NET-STAR malware suite demonstrates Phantom Taurus' advanced evasion
   techniques and a deep understanding of .NET architecture, representing a   
   significant threat to internet-facing servers, the researchers explained.    
      
   Phantom Taurus also apparently shares infrastructure, malware traits, and   
   tactics with known Chinese APTs, particularly BackdoorDiplomacy. C2 domains,   
   malware loaders, and similar spear-phishing techniques, all made Unit 42   
   deduce Phantom Taurus was a Chinese actor.    
      
   They have now placed it next to other tauruses - Iron Taurus, Starchy Taurus,   
   and Stately Taurus. The latter is also known as Mustang Panda and is a widely   
   known threat actor, who was seen targeting Microsoft tools, cloud services,   
   and more.    
      
   Unfortunately, we don't know exactly how Phantom Taurus infects its victims
   with NET-STAR. We can only assume it includes the usual tactics such as   
   spear-phishing or zero-day vulnerability abuse. We do know, however, that its   
   victims are located in Afghanistan and Pakistan.    
      
   China, as usual, denies any wrongdoing or any involvement in cyberattacks or   
   cyber-espionage, and instead accuses the United States of being the world's
   biggest cyber-bully.    
      
    Via The Register   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/chinese-hackers-hit-government-systems-stealing-emails-and-more-heres-what-we-know
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 111 206 300 307 317 400 426 428 470   
   SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426   
      



(c) 1994,  bbs@darkrealms.ca