Phantom Taurus APT Targets Governments with NET-STAR Malware

Cyber Security News by CyberSum.net

Published on October 1, 2025 at 06:04 PM

8 sources

Researchers have identified a new cyber espionage group named Phantom Taurus, which has been targeting government and telecommunications entities across multiple regions for over two years. The group, whose activities align with a nation-state's interests, has recently shifted from stealing emails to directly exfiltrating data from SQL databases. A key component of their arsenal is a newly discovered custom malware suite called NET-STAR, designed to compromise IIS web servers. This advanced toolkit uses fileless backdoors and evasion techniques to maintain stealth and persistence on victim networks. The group's unique tactics and custom tools distinguish it as a significant and evolving threat.

Also Read

Excel Add-in Attack Delivers CABINETRAT Malware Backdoor

A national cyber incident response team has issued a warning about a new malware campaign deploying the CABINETRAT backdoor. Attackers are using malicious Excel add-in (XLL) files, often distributed in ZIP archives, to gain initial access to systems. The malware establishes persistence through registry modifications and scheduled tasks, cleverly loading its shellcode from a PNG image file. This full-featured backdoor is capable of information gathering, remote command execution, and file operations. To evade detection, the malware employs robust anti-virtualization and anti-analysis checks.

By Cyber Security News by CyberSum.netOctober 2, 2025 at 12:00 AM