China’s stealthiest spy operation yet. [Research Saturday]
Oct 4, 2025
Assaf Dahan, Director of Threat Research at Cortex XDR and a leading investigator with Unit 42, discusses Phantom Taurus, a newly identified Chinese espionage group. He describes the group's shift from collecting email to targeting databases directly, and walks through the NET-STAR malware suite, a custom toolset built for stealthy, long-term access to government and telecommunications networks. Dahan highlights the group's persistence and in-house tooling, framing both as part of a deliberate move toward higher-value intelligence collection, and closes with defensive advice on the IT hygiene practices that make this kind of intrusion harder to carry out and easier to spot.
New China-Aligned Espionage Actor
- Phantom Taurus is a newly identified Chinese state-aligned APT focused on large-scale intelligence collection.
- It targets governments, embassies, foreign ministries and defense sectors across Africa, the Middle East, and Asia.
Geopolitical Targeting Pattern
- Phantom Taurus fits the traditional espionage mold among Chinese state-aligned groups, focusing on geopolitical intelligence.
- Its operations often correlate with major diplomatic events and meetings, indicating targeted reconnaissance ahead of such events.
Highly Persistent And Custom Tooling
- Phantom Taurus shows a high degree of persistence and relies on homegrown, well-engineered tools such as NET-STAR and Spectre.
- Its custom toolset is built for stealth and has not been observed in use by any other threat actor.