3rd October 2025 Cyber Update: Chinese Hackers Target Global Governments with Advanced Malware

Security researchers have unmasked Phantom Taurus, a sophisticated Chinese state-sponsored hacking group. For over two years, the group has conducted covert espionage against government and telecommunications organisations worldwide using a custom, fileless malware suite called NET-STAR.


Cyber News Centre's cyber update for 3rd October 2025: Palo Alto Networks has disclosed the activities of a previously undocumented Chinese state-sponsored hacking group, dubbed Phantom Taurus. The group has been conducting a sophisticated, multi-year espionage campaign against government and telecommunications organisations across Africa, the Middle East, and Asia.

Palo Alto Networks is a global cybersecurity leader, known for its advanced firewalls and cloud-based security solutions. The company's Unit 42 threat intelligence team actively researches and reports on emerging cyber threats, providing critical insights to the security community and the public.

The Update and Why It Matters

The Update: For over two and a half years, the Phantom Taurus group has systematically targeted ministries of foreign affairs, embassies, and military operations to steal sensitive intelligence. The group's tactics have evolved from email server exploitation to direct attacks on SQL Server databases, allowing for more efficient data theft. Researchers at Palo Alto Networks' Unit 42 discovered a custom malware suite named NET-STAR, designed specifically for these attacks.

This toolkit operates entirely in memory, leaving minimal forensic traces and evading traditional antivirus systems. The malware includes advanced features to bypass modern security measures like Windows' Antimalware Scan Interface (AMSI) and Event Tracing for Windows (ETW).

Assaf Dahan, director of threat research at Palo Alto Networks, stated, "The level of sophistication that we've seen from this group is really off the charts."

The group's operations often align with major geopolitical events, indicating a clear connection to Chinese state interests.

Why It Matters: The identification of Phantom Taurus highlights the persistent and evolving nature of state-sponsored cyber espionage.

"When I found them searching for specific diplomatic keywords and then exfiltrating emails from embassies and military operations, I realised this was a serious intelligence collection effort," said Lior Rochberger, a senior researcher at Unit 42.

For organisations, particularly in the government and telecommunications sectors, this serves as a critical reminder that internet-facing servers remain a primary target for sophisticated threat actors.

The use of fileless malware that operates in-memory challenges conventional security defences, making detection and response significantly more difficult. This incident demonstrates that even with robust security postures, determined nation-state groups can maintain long-term, undetected access to critical networks. The focus on stealing diplomatic and military intelligence has direct implications for national security and international relations, affecting strategic decision-making processes.

