{"id":222727,"date":"2025-10-01T04:19:07","date_gmt":"2025-10-01T09:19:07","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/10\/phantom-taurus-new-china-linked-hacker-group-hits-governments-with-stealth-malware"},"modified":"2025-10-01T04:19:07","modified_gmt":"2025-10-01T09:19:07","slug":"phantom-taurus-new-china-linked-hacker-group-hits-governments-with-stealth-malware","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/10\/phantom-taurus-new-china-linked-hacker-group-hits-governments-with-stealth-malware","title":{"rendered":"Phantom Taurus: New China-Linked Hacker Group Hits Governments With Stealth Malware"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/phantom-taurus-new-china-linked-hacker-group-hits-governments-with-stealth-malware.jpg\"><\/a><\/p>\n<p>\u201cThe group takes an interest in diplomatic communications, defense-related intelligence and the operations of critical governmental ministries,\u201d the company said. \u201cThe timing and scope of the group\u2019s operations frequently coincide with major global events and regional security affairs.\u201d<\/p>\n<p>This aspect is particularly revealing, not least because other Chinese hacking groups have also embraced a similar approach. For instance, a new adversary tracked by Recorded Future as RedNovember is <a href=\"https:\/\/thehackernews.com\/2025\/09\/chinese-hackers-rednovember-target.html\" rel=\"noopener\" target=\"_blank\">assessed<\/a> to have targeted entities in Taiwan and Panama in close proximity to \u201cgeopolitical and military events of key strategic interest to China.\u201d<\/p>\n<p>Phantom Taurus\u2019 modus operandi also stands out due to the use of custom-developed tools and techniques rarely observed in the threat landscape. This includes a never-before-seen bespoke malware suite dubbed NET-STAR. Developed in .NET, the program is designed to target Internet Information Services (IIS) web servers.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u201cThe group takes an interest in diplomatic communications, defense-related intelligence and the operations of critical governmental ministries,\u201d the company said. \u201cThe timing and scope of the group\u2019s operations frequently coincide with major global events and regional security affairs.\u201d This aspect is particularly revealing, not least because other Chinese hacking groups have also embraced a similar [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,418,9],"tags":[],"class_list":["post-222727","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-internet","category-military"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/222727","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=222727"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/222727\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=222727"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=222727"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=222727"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}