Phantom Taurus: A New Chinese Nexus APT and the Discovery of the NET-STAR Malware Suite

    Date: 10/01/2025

    Severity: Medium

    Summary

    Phantom Taurus is a newly identified Chinese nation-state APT group focused on espionage. Active for over two years, it targets government and telecom sectors in Africa, the Middle East, and Asia, especially ministries, embassies, and military operations. Known for its stealth and adaptive TTPs, the group uses a custom malware tool called NET-STAR. Initially tracked as a temporary cluster, it was later confirmed as a distinct threat actor linked to PRC state interests.

    Indicators of Compromise (IOC) List

    Hashes (SHA-256):

    eeed5530fa1cdeb69398dc058aaa01160eab15d4dcdcd6cb841240987db284dc
    3e55bf8ecaeec65871e6fca4cb2d4ff2586f83a20c12977858348492d2d0dec4
    afcb6289a4ef48bf23bab16c0266f765fab8353d5e1b673bd6e39b315f83676e
    b76e243cf1886bd0e2357cbc7e1d2812c2c0ecc5068e61d681e0d5cff5b8e038

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1 :

    sha256hash IN ("b76e243cf1886bd0e2357cbc7e1d2812c2c0ecc5068e61d681e0d5cff5b8e038","3e55bf8ecaeec65871e6fca4cb2d4ff2586f83a20c12977858348492d2d0dec4","afcb6289a4ef48bf23bab16c0266f765fab8353d5e1b673bd6e39b315f83676e","eeed5530fa1cdeb69398dc058aaa01160eab15d4dcdcd6cb841240987db284dc")
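    The query above is an exact set-membership test on the sha256hash field. The following is an added example, not part of the advisory or of Gurucul's product, showing the same match run over JSON-lines endpoint telemetry with the case and whitespace normalisation a practitioner needs before an exact comparison; the host names, paths and telemetry lines are constructed.

```python
import hashlib
import json

# The four SHA-256 indicators published in the advisory above.
PHANTOM_TAURUS_SHA256 = {
    "eeed5530fa1cdeb69398dc058aaa01160eab15d4dcdcd6cb841240987db284dc",
    "3e55bf8ecaeec65871e6fca4cb2d4ff2586f83a20c12977858348492d2d0dec4",
    "afcb6289a4ef48bf23bab16c0266f765fab8353d5e1b673bd6e39b315f83676e",
    "b76e243cf1886bd0e2357cbc7e1d2812c2c0ecc5068e61d681e0d5cff5b8e038",
}

def normalize(h):
    """Telemetry often carries hashes upper-cased or with stray whitespace;
    the IN() comparison is exact, so canonicalise before matching."""
    return (h or "").strip().lower()

def match_records(lines, field="sha256hash"):
    """Replay 'sha256hash IN (...)' over JSON-lines records and return the
    records whose hash field is a known indicator. Malformed lines are
    skipped rather than aborting the whole scan."""
    hits = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if normalize(rec.get(field)) in PHANTOM_TAURUS_SHA256:
            hits.append(rec)
    return hits

def sha256_of_file(path):
    """Hash a file on disk in 1 MiB chunks so large binaries stay off the heap."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

# Constructed sample telemetry (hypothetical hosts and paths, not from the advisory).
SAMPLE_TELEMETRY = [
    '{"host": "srv-01", "path": "C:\\\\Temp\\\\svc.dll", "sha256hash": "EEED5530FA1CDEB69398DC058AAA01160EAB15D4DCDCD6CB841240987DB284DC"}',
    '{"host": "srv-02", "path": "C:\\\\Windows\\\\notepad.exe", "sha256hash": "0000000000000000000000000000000000000000000000000000000000000000"}',
    'not json at all',
    '{"host": "srv-03", "sha256hash": " b76e243cf1886bd0e2357cbc7e1d2812c2c0ecc5068e61d681e0d5cff5b8e038\\n"}',
]

if __name__ == "__main__":
    for hit in match_records(SAMPLE_TELEMETRY):
        print("IOC match:", hit["host"], hit.get("path", "?"))
```

    Running the block reports srv-01 and srv-03 as matches; the upper-cased hash and the one padded with whitespace would both be missed by a raw string comparison.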

    Reference:    

    https://unit42.paloaltonetworks.com/phantom-taurus/


    Tags

    Malware, Threat Actor, APT, NET-STAR, Phantom Taurus, China, Cyber Espionage, Government Services and Facilities, Communications, Africa, The Middle East, Asia, Defense Industrial Base, PRC state
