A newly identified Chinese state-linked hacking group has been accused of targeting government institutions and embassies, including those in Sweden and several Southeast Asian countries.
According to cybersecurity firm Palo Alto Network’s Unit 42, the espionage group — dubbed Phantom Taurus — has been conducting covert cyber operations for more than two years, focusing on ministries of foreign affairs and telecommunications providers across Asia, Africa, and Europe.
The researchers say the hackers use sophisticated malware called NET-STAR, designed to evade antivirus systems and access sensitive databases. The new tools, combined with previously known Chinese malware such as China Chopper, enable long-term infiltration of government networks.
Unit 42 noted that Phantom Taurus’ activities often coincide with major geopolitical events and that data stolen from foreign ministries may include diplomatic communications and defence-related information.
Chinese cyber groups have previously been accused of targeting embassies and government agencies in Sweden, France, Singapore, and several Southeast Asian nations. The findings come amid growing European concerns about cyber espionage linked to state-backed actors.
