Unknown Chinese Cyber Actor 'Phantom Taurus' Exposed, Targeting High-Value Orgs Worldwide
A previously unknown Chinese state-sponsored cyber actor, Phantom Taurus, has been exposed. It has been targeting high-value organizations worldwide for over two years, aiming to steal sensitive information.
Phantom Taurus, first tracked as CL-STA-0043 and later as TGR-STA-0043, operates stealthily and persistently. It adapts its tactics swiftly and uses unique, custom tools rarely seen elsewhere. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) identified it as a Chinese cybersecurity threat in February 2022.
The group has been active in Africa, the Middle East, and Asia, focusing on ministries of foreign affairs, embassies, and military operations. Its AssemblyExecuter tool helps it evade detection by executing .NET assemblies directly in memory. The latest version, AssemblyExecuter v2, includes enhanced evasion capabilities to bypass the Windows security mechanisms AMSI (Antimalware Scan Interface) and ETW (Event Tracing for Windows).
Phantom Taurus shares some infrastructure with other Chinese threat actors such as Iron Taurus, Starchy Taurus, and Stately Taurus, but uses distinct components. Its targeting reflects Chinese strategic interests and is aimed at obtaining non-public information.
Phantom Taurus' stealth, persistence, and adaptability make it a significant threat. Its targeting of government and military organizations, along with embassies and geopolitical events, underscores its espionage focus. As a previously undocumented actor aligned with the People's Republic of China, it highlights the evolving cyber threat landscape.