Digital Diplomatic Crisis: Philippines under Network Siege by Chinese Hackers

Lord777

Stately Taurus conducts large-scale attacks on the government structures of the island state.

Relations between China and the Philippines have been strained in recent months. In August, the Chinese coast guard used a water cannon against a Philippine vessel off a disputed atoll in the Spratly Archipelago. The Philippines, in turn, announced joint patrols with the United States and military exercises with Australia, suspended its hotline with China, and began dismantling Chinese barriers near the disputed territory.

As relations deteriorated in the physical world, the same happened in cyberspace. Researchers from Palo Alto Networks' Unit 42 recorded three malicious campaigns by the Chinese group Stately Taurus targeting government entities around the South China Sea, including the Philippine government.

The attackers abused legitimate software, such as Solid PDF Creator and SmadavProtect, to inject malicious files, while disguising their network traffic as legitimate Microsoft traffic.

Stately Taurus, also known as Mustang Panda and Red Delta, has been active since 2012. It is a Chinese cyber-espionage group that targets government agencies, non-profits, and religious organizations in North America, Europe, and Asia.

The first Stately Taurus campaign reviewed by the researchers began on August 1 of this year with a malicious package hosted on Google Drive. The second campaign, launched on August 3, used an encrypted path containing multiple folders. The third campaign, on August 16, was structurally identical to the first.

The IP address "45.121.146[.]113", associated with Stately Taurus, was used to disguise traffic as legitimate Microsoft traffic. Monitoring showed multiple connections to this server from Philippine government agencies.

Stately Taurus activity in August indicates a successful penetration of government bodies in the Philippines. The group continues to conduct global cyber-espionage operations aligned with China's geopolitical interests.

The researchers published indicators of compromise (IOCs) for the identified threat so that other security vendors can build appropriate detection rules.

To protect your company from such threats, Palo Alto Networks experts recommend using NGFW, XDR, XSOAR, or XSIAM solutions. Only comprehensive security can truly protect organizations from hackers.
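The post gives one concrete indicator, the defanged IP 45.121.146[.]113, and notes that the traffic to it was dressed up as legitimate Microsoft traffic. Below is an added example (not code from the post, from Unit 42, or from Palo Alto Networks) of how a defender would turn a published IOC into a check over their own egress logs: it refangs the indicator, matches it against destination addresses, and additionally flags flows whose hostname claims a Microsoft domain while the destination is the known attacker IP. The log format, the field names, the internal source addresses and the "Microsoft-looking" domain list are all assumptions constructed for the example; only the IOC IP comes from the post.

```python
import re
from dataclasses import dataclass

# The only indicator the post itself quotes, kept in its published defanged form.
DEFANGED_IOCS = ["45.121.146[.]113"]

# Assumption for the example: hostnames a defender would treat as "Microsoft-looking".
MICROSOFT_SUFFIXES = (".microsoft.com", ".microsoftonline.com", ".windows.net", ".live.com")

# Constructed sample egress log (not from the report). Field names are assumptions.
SAMPLE_LOG = """\
2023-08-03T09:12:44Z src=10.20.5.17 dst=45.121.146.113 dport=443 host=login.microsoftonline.com bytes=18432
2023-08-03T09:12:50Z src=10.20.5.17 dst=20.190.160.22 dport=443 host=login.microsoftonline.com bytes=2211
2023-08-03T09:13:02Z src=10.20.7.4 dst=142.250.74.78 dport=443 host=drive.google.com bytes=901221
2023-08-03T09:15:31Z src=10.20.5.17 dst=45.121.146.113 dport=443 host=login.microsoftonline.com bytes=5120
2023-08-03T09:16:10Z src=10.20.9.3 dst=45.121.146.113 dport=443 host=cdn.example.net bytes=777
malformed line that the parser must skip
"""

LINE_RE = re.compile(
    r"(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) host=(?P<host>\S+)"
)


def refang(ioc: str) -> str:
    """Convert common defanging ("[.]", "(.)", "hxxp://") back into a matchable value."""
    ioc = ioc.strip()
    ioc = re.sub(r"\[\.\]|\(\.\)|\{\.\}", ".", ioc)
    # "hxxp://" / "hxxps://" -> "http://" / "https://" regardless of letter case
    ioc = re.sub(r"^hxxps?://", lambda m: "http" + m.group(0)[4:], ioc, flags=re.IGNORECASE)
    return ioc


@dataclass
class Hit:
    ts: str
    src: str
    dst: str
    host: str
    masquerade: bool  # True when the hostname claims a Microsoft domain but dst is an IOC


def looks_like_microsoft(host: str) -> bool:
    """Assumed heuristic: does the claimed hostname sit under a Microsoft-owned suffix?"""
    h = host.lower()
    return any(h == s[1:] or h.endswith(s) for s in MICROSOFT_SUFFIXES)


def scan_log(log_text: str, defanged_iocs) -> list:
    """Return every flow whose destination matches a refanged IOC; unparseable lines are skipped."""
    iocs = {refang(i) for i in defanged_iocs}
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or differently formatted line
        if m["dst"] in iocs:
            hits.append(Hit(m["ts"], m["src"], m["dst"], m["host"],
                            masquerade=looks_like_microsoft(m["host"])))
    return hits


def sources_by_count(hits) -> dict:
    """Which internal hosts talked to the IOC, and how often; useful for scoping a response."""
    counts = {}
    for h in hits:
        counts[h.src] = counts.get(h.src, 0) + 1
    return counts


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG, DEFANGED_IOCS)
    for h in found:
        tag = "MASQUERADE" if h.masquerade else "IOC"
        print(f"{tag:10} {h.ts} {h.src} -> {h.dst} host={h.host}")
    print("affected sources:", sources_by_count(found))
```

The second line of the sample (a genuine-looking Microsoft hostname to a non-IOC address) is deliberately not flagged: the check keys on the destination address, not the hostname, because the hostname is exactly the field the attacker controls. Flows that match the IOC and also present a Microsoft hostname are labelled separately so an analyst can see the masquerade pattern the report describes without trusting the claimed name.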