New Cyber Threat Group 'Phantom Taurus' Emerges as Top Global Menace
A newly discovered cybersecurity threat group, Phantom Taurus, has been operating for two years and poses a top-tier global threat. It targets high-level geopolitical intelligence and critical telecommunications infrastructure, primarily in Africa, the Middle East, and Asia. The group's distinctive tactics, techniques, and procedures (TTPs) have raised concerns among cybersecurity experts.
Phantom Taurus maintains long-term access to critical targets using a custom-built malware suite called NET-STAR. This suite consists of three distinct web-based backdoors, each with specific roles in the attack chain, allowing the group to maintain persistence within the target's Internet Information Services (IIS) environment. The group also uses common tools like China Chopper, Potato suite, and Impacket, along with customized tools such as the Specter malware family and Ntospy.
In response to the threat, Palo Alto Networks has shared its findings with the Cyber Threat Alliance (CTA) and recommends that others do the same. It has also published indicators of compromise and upgraded its protections against Phantom Taurus. Since 2023, the group has focused on stealing specific emails and has recently shifted to targeting databases using a script named mssq.bat.
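The two behaviours described above, persistence inside the IIS worker process and database targeting through a script named mssq.bat, can be watched for in process-creation telemetry. The following is an added example, not code from the article or from Palo Alto Networks: it assumes a simplified "parent|image|command_line" event format (constructed for this illustration) and uses w3wp.exe, the IIS worker process, as the parent to inspect.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample process-creation events (not real telemetry) in a
# simplified "parent_image|child_image|command_line" format.
SAMPLE_EVENTS = [
    r"C:\Windows\System32\inetsrv\w3wp.exe|C:\Windows\System32\cmd.exe|cmd.exe /c C:\inetpub\wwwroot\mssq.bat",
    r"C:\Windows\System32\inetsrv\w3wp.exe|C:\Windows\System32\cmd.exe|cmd.exe /c whoami",
    r"C:\Windows\explorer.exe|C:\Windows\System32\cmd.exe|cmd.exe /c dir",
    r"C:\Windows\System32\services.exe|C:\Windows\System32\inetsrv\w3wp.exe|w3wp.exe -ap DefaultAppPool",
]

IIS_WORKER = "w3wp.exe"          # IIS worker process; web shells run inside it
SHELLS = {"cmd.exe", "powershell.exe"}
MSSQ_PATTERN = re.compile(r"\bmssq\.bat\b", re.IGNORECASE)  # script named in the report


@dataclass
class Finding:
    reason: str
    command_line: str


def basename(path: str) -> str:
    """Return the lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def classify(event: str) -> Optional[Finding]:
    """Flag an event when the IIS worker process is the parent and the child
    is a shell or runs mssq.bat; anything else returns None."""
    parent, image, cmdline = event.split("|", 2)
    if basename(parent) != IIS_WORKER:
        return None
    if MSSQ_PATTERN.search(cmdline):
        return Finding("iis_worker_ran_mssq_bat", cmdline)
    if basename(image) in SHELLS:
        return Finding("iis_worker_spawned_shell", cmdline)
    return None


def scan(events: List[str]) -> List[Finding]:
    """Run classify() over every event and keep only the findings."""
    return [f for f in map(classify, events) if f is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"{finding.reason}: {finding.command_line}")
```

A shell spawned by w3wp.exe is rare on a healthy server, so both rules are worth alerting on even though only the first is tied to the script named in the report.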
Phantom Taurus's sophisticated tactics and targeted attacks highlight the need for enhanced cybersecurity measures. As the group continues to evolve its methods, it is crucial for organizations to stay informed, share threat intelligence, and strengthen their defenses against such advanced persistent threats.