CyberWire Daily

China’s stealthiest spy operation yet. [Research Saturday]

N2K Networks, Inc.

Daily News, Tech News, News, Technology

4.61K Ratings

🗓️ 4 October 2025

⏱️ 24 minutes

Summary

Assaf Dahan, Director of Threat Research, Cortex XDR, at Palo Alto Networks, is discussing Phantom Taurus, a new China APT uncovered by Unit 42. Unit 42 researchers have identified Phantom Taurus, a newly designated Chinese state-aligned APT conducting long-term espionage against government and telecommunications organizations across Africa, the Middle East, and Asia. Distinguished by its stealth, persistence, and rare tactics, the group has recently shifted from email-focused data theft to directly targeting databases and deploying a powerful new malware suite called NET-STAR, designed to compromise IIS web servers and evade detection. This suite, featuring modular, fileless backdoors and advanced evasion capabilities, marks a significant evolution in Phantom Taurus’ operations and underscores the group’s strategic intelligence-gathering objectives. The research can be found here: Phantom Taurus: A New Chinese Nexus APT and the Discovery of the NET-STAR Malware Suite

Transcript

0:00.0

You're listening to the CyberWire Network, powered by N2K.

0:52.7

Hello everyone and welcome to the CyberWire's Research Saturday.

1:07.3

I'm Dave Bittner and this is our weekly conversation with researchers and analysts

1:11.9

tracking down the threats and vulnerabilities, solving some of the hard problems and protecting

1:17.1

ourselves in a rapidly evolving cyberspace. Thanks for joining us.

1:25.0

So Phantom Taurus is a newly identified, what we call a state-sponsored Chinese espionage group.

1:33.5

And what really sets them apart from other APT groups is the large-scale intelligence collection activity that we've been observing.

1:42.6

So they mainly target government, embassies, ministries of foreign affairs and defense sectors.

1:51.8

That's Assaf Dahan, Director of Threat Research at Palo Alto Networks.

1:57.0

The research we're discussing today is about Phantom Taurus, a new China APT uncovered by Unit 42.

2:10.6

We've seen them in a number of geographies, spanning from Africa, the Middle East, and Asia.

2:19.3

And yeah, so it's pretty vast in terms of who they target, the level and the scale of their intelligence collection efforts.

2:40.7

And also, it's not every day that we get to uncover a brand new,

2:43.0

what we call a top-tier APT. So most of the time that when we're tracking, I guess, cyber activity or malicious, nefarious cyber activity, we usually can attribute the activity

...

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.