Taurus

Malware Profile Updated 2 months ago
The name "Taurus" on this page covers three unrelated things, and the associations and source documents below only make sense once they are separated.

First, Taurus the infostealer. This is a commodity information stealer sold on criminal marketplaces such as 2easy alongside RedLine, Raccoon, Vidar and Azorult (see the Azorult entry below). Its delivery follows the usual stealer pattern (malicious downloads, phishing or spam email, compromised websites), after which it harvests credentials and other personal data from the infected host. This is the only "Taurus" on the page that is actually malware.

Second, "Taurus" as a naming suffix. Palo Alto Networks Unit 42 names threat actors after constellations, with the constellation indicating the suspected nation-state nexus; "Taurus" denotes China. Stately Taurus (Mustang Panda / Earth Preta), Iron Taurus (APT27 / Iron Tiger), Starchy Taurus (Winnti / APT41), Alloy Taurus (GALLIUM), Playful Taurus (BackdoorDiplomacy / APT15), Growing Taurus (Naikon) and Parched Taurus (Goblin Panda) are therefore distinct Chinese state-aligned threat actors that share a suffix, not operators of a "Taurus" malware family. The operations cited here belong to those actors: Operation Earth Berberoka is attributed to Iron Taurus, Operation Exorcist overlaps with Stately Taurus, and Operation Diplomatic Specter was run from operational infrastructure shared among, and used only by, Chinese nation-state actors. Unit 42's reporting on Stately Taurus targeting the Philippines is listed among the sources; Trend Micro reports on the same actor under the name Earth Preta. Starchy Taurus is Unit 42's name for Winnti.

Third, Taurus the cruise missile. The German-language and Germany-related sources below (the March 2024 Russian publication of an intercepted German air force call, the finding that an unsecured line rather than a hack was to blame, and Chancellor Olaf Scholz ruling out delivery of Taurus missiles to Ukraine to avoid direct German involvement in the war) concern the Taurus KEPD 350 air-launched cruise missile. They have no connection to any malware and landed on this profile only because of the shared name.

Practical caveat: when consuming this profile or its STIX export, do not link Taurus infostealer indicators to Chinese APT activity, and do not treat the Unit 42 "<Word> Taurus" actor names as aliases of one another or of the stealer. The actor-level associations and vulnerability associations on this page should be read per actor, not as properties of a single malware family.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID (votes): profile description

Azorult (4 votes): Azorult is a type of malware, or malicious software, that infiltrates systems to exploit and damage them, often without the user's knowledge. It has historically been one of the favored infostealers sold on the marketplace 2easy, alongside RedLine, Raccoon, Vidar, and Taurus. However, as of late Feb

Alloy Taurus (3 votes): Alloy Taurus, a threat actor group, has been identified as a significant cybersecurity concern due to its persistent attempts at cyberespionage, primarily targeting the government sector in Southeast Asia. The activity of this group was first observed in early 2022 and continued throughout 2023, dur

Gelsemium (3 votes): Gelsemium is a sophisticated malware, known for its stealthy operations and advanced techniques. It is often associated with Advanced Persistent Threat (APT) attacks, which are cyberattacks launched by well-resourced and skilled adversaries who persistently target specific entities. Gelsemium has be

Stately Taurus (2 votes): Stately Taurus, also known as Mustang Panda, Bronze President, Red Delta, LuminousMoth, Earth Preta, and Camaro Dragon, is a Chinese state-aligned threat actor (the "Taurus" suffix is Unit 42's marker for China-nexus groups), not a malware family. The first signs of its operation date back to at least 2012, with notable activity traced to Marc

Mustang Panda (2 votes): Mustang Panda, also known as Bronze President, Nomad Panda, Earth Preta, and Stately Taurus, is a Chinese-aligned threat actor that has been associated with widespread attacks against various countries in the Asia-Pacific region. The group's malicious activities were first traced back to Mar

Taurus Infostealer (1 vote): no description

Volt Typhoon (1 vote): Volt Typhoon is a China-linked Advanced Persistent Threat (APT) group that has been operating with significant stealth and operational security. The group has been linked to the KV-Botnet, a malicious network used for various cybercrime activities. This threat actor has demonstrated sophisticated te

Playful Taurus (1 vote): Playful Taurus is a notable threat actor in the cybersecurity landscape, known for its malicious activities against government and diplomatic entities across North and South America, Africa, and the Middle East. The group continually adapts its tactics and tools, showcasing an evolving strategy that

Winnti (1 vote): Winnti, a threat actor or group also known as Starchy Taurus and APT41, has been active since at least 2007, first identified by Kaspersky in 2013. This Chinese state-sponsored entity is renowned for its ability to target supply chains of legitimate software to disseminate malware. The group is link

BlackTech (1 vote): BlackTech is a threat actor or hacking group, with suspected links to China, that is known for its malicious activities aimed at gathering intelligence from technology and government organizations. Notably, this threat actor focuses on entities in the Asia-Pacific region. The cybersecurity industry

Circuit Panda (1 vote): Circuit Panda, also known as BlackTech, HUAPI, Manga Taurus, Palmerworm, Red Djinn, and Temp.Overboard, is a significant threat actor with a history of operating against targets in East Asia, particularly Taiwan, Japan, and Hong Kong since at least 2007. This group is part of a constellation of adva

Palmerworm (1 vote): Palmerworm, also known as BlackTech, Temp.Overboard, Circuit Panda, and Radio Panda, is a threat actor group that has been active since at least 2013. This group has demonstrated extensive capabilities in targeting various sectors such as government, industrial, technology, media, electronics, and t

temp.overboard (1 vote): Temp.Overboard, also known as BlackTech, Circuit Panda, Palmerworm, and several other aliases, is a threat actor that has been active in the cybersecurity landscape since at least 2007. This group is known for its operations against targets in East Asia, specifically Taiwan, Japan, and Hong Kong. As

Taurus Project (1 vote): no description

Granite Typhoon (1 vote): Granite Typhoon is Microsoft's name for a China-based threat actor (tracked elsewhere as GALLIUM and Alloy Taurus) that has been implicated in several cyber-attacks on various organizations and entities. The group has been linked to attacks on telecommunications firms in 2023, an oper

Iron Taurus (1 vote): Iron Taurus, also known as APT27 and Iron Tiger, is a Chinese threat actor group linked to various cyber-espionage activities. Its intrusions typically begin through suspicious downloads, emails, or websites, and once inside it can steal personal information, disrupt operatio
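The overlap list above is a flat set of vendor alias statements, and the profile text shows what goes wrong when they are merged naively: the bare word "Taurus" gets treated as an alias of every "<Word> Taurus" actor, and an actor gets described as a malware family. The script below is an added example written for this page (it is not Cybergeist's or any vendor's code): it merges alias claims transitively with union-find, records the object type each source used for a name, and flags two kinds of collision. The alias claims are constructed from the names listed on this page; the rule that a two-word "<Word> Taurus" name is a Unit 42 China-nexus actor name, and that the bare suffix is therefore never an alias, is an assumption about that vendor's convention rather than something the page states.

```python
"""Merge vendor alias claims into actor/malware clusters and flag collisions.

Added example for this page, not Cybergeist or Unit 42 code. Alias claims are
constructed from names listed on the page; the "<Word> Taurus" suffix rule is
an assumption about Unit 42's naming convention.
"""
from collections import defaultdict
from typing import Dict, FrozenSet, List, Set, Tuple

Claim = Tuple[str, str, str]  # (name_a, name_b, object type the source used)

# Constructed input: alias statements gathered from the profiles on this page.
ALIAS_CLAIMS: List[Claim] = [
    ("Stately Taurus", "Mustang Panda", "actor"),
    ("Mustang Panda", "Bronze President", "actor"),
    ("Mustang Panda", "Earth Preta", "actor"),
    ("Earth Preta", "TA416", "actor"),
    ("Stately Taurus", "Camaro Dragon", "actor"),
    ("Iron Taurus", "APT27", "actor"),
    ("APT27", "Iron Tiger", "actor"),
    ("Starchy Taurus", "Winnti", "actor"),
    ("Winnti", "APT41", "actor"),
    ("Alloy Taurus", "GALLIUM", "actor"),
    ("GALLIUM", "Granite Typhoon", "actor"),
    ("Playful Taurus", "BackdoorDiplomacy", "actor"),
    ("BackdoorDiplomacy", "APT15", "actor"),
    ("APT15", "Vixen Panda", "actor"),
    ("Growing Taurus", "Naikon", "actor"),
    ("Parched Taurus", "Goblin Panda", "actor"),
    ("Taurus", "Taurus Infostealer", "malware"),
    # Constructed bad claim, mirroring a vendor snippet that calls the actor a
    # malware family: it must surface as a type conflict, not merge clusters.
    ("Stately Taurus", "Mustang Panda", "malware"),
]

# Assumption about Unit 42 naming: the suffix marks the nexus (Taurus = China),
# so the bare suffix word is not an alias of any actor.
UNIT42_CHINA_SUFFIX = "Taurus"


def _find(parent: Dict[str, str], x: str) -> str:
    """Union-find root lookup with path halving."""
    while parent[x] != x:
        parent[x] = parent[parent[x]]
        x = parent[x]
    return x


def build_clusters(claims: List[Claim]) -> Tuple[Set[FrozenSet[str]], Dict[str, Set[str]]]:
    """Transitively merge alias claims into clusters.

    Returns the set of clusters and, per name, the set of object types the
    sources used for it (a name with more than one type is suspicious).
    """
    parent: Dict[str, str] = {}
    types: Dict[str, Set[str]] = defaultdict(set)
    for a, b, kind in claims:
        for name in (a, b):
            parent.setdefault(name, name)
            types[name].add(kind)
        root_a, root_b = _find(parent, a), _find(parent, b)
        if root_a != root_b:
            parent[root_a] = root_b
    groups: Dict[str, Set[str]] = defaultdict(set)
    for name in parent:
        groups[_find(parent, name)].add(name)
    return {frozenset(g) for g in groups.values()}, dict(types)


def is_unit42_china_actor(name: str) -> bool:
    """True for names of the form '<Word> Taurus' (assumed Unit 42 convention)."""
    parts = name.split()
    return len(parts) == 2 and parts[1] == UNIT42_CHINA_SUFFIX


def cluster_of(clusters: Set[FrozenSet[str]], name: str) -> FrozenSet[str]:
    """Return the cluster containing name, or an empty set if the name is unknown."""
    for cluster in clusters:
        if name in cluster:
            return cluster
    return frozenset()


def find_collisions(types: Dict[str, Set[str]]) -> List[Tuple[str, str]]:
    """Flag names typed inconsistently, and malware names equal to an actor suffix."""
    warnings: List[Tuple[str, str]] = []
    suffixes = {n.split()[-1] for n in types if is_unit42_china_actor(n)}
    for name, kinds in sorted(types.items()):
        if len(kinds) > 1:
            warnings.append(("type-conflict", name))
        if name in suffixes and "malware" in kinds:
            warnings.append(("suffix-collision", name))
    return warnings


if __name__ == "__main__":
    clusters, types = build_clusters(ALIAS_CLAIMS)
    for cluster in sorted(clusters, key=lambda c: sorted(c)[0]):
        print(" / ".join(sorted(cluster)))
    for kind, name in find_collisions(types):
        print(f"WARNING {kind}: {name}")
```

Run against the constructed claims, the stealer and the seven "<Word> Taurus" actors come out as eight separate clusters, "Stately Taurus" and "Mustang Panda" are flagged as type conflicts because one claim called them malware, and "Taurus" is flagged as a suffix collision. Feeding a real profile's STIX relationships through the same union-find, with the object type taken from the STIX object type, gives the same checks over live data.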
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Linux
Resecurity
Apt
Backdoor
Espionage
German
Government
Defence
Insurance
Reconnaissance
Lateral Move...
Credentials
Ukraine
Vpn
Germany
Russia
Flashpoint
Infostealer
Spam
State Sponso...
State Sponso...
Associated Malware
ID (type, votes): profile description

RedLine (unspecified, 5 votes): RedLine is a notorious malware, discovered in March 2020, designed to exploit computer systems and steal sensitive personal information such as login credentials, cryptocurrency wallets, and financial data. It exports this stolen data to its command-and-control infrastructure. The malware has been u

PingPull (unspecified, 3 votes): PingPull is a malicious software (malware) developed by the Chinese nation-state group known as Alloy Taurus, also referred to as Gallium. The malware is designed to exploit and damage computer systems, with capabilities such as stealing personal information, disrupting operations, or holding data h

ASPXSpy (unspecified, 2 votes): ASPXSpy is a web shell that has been used by various threat actors to keep access to, and run commands on, compromised web servers. It is years older than the 2022 deployments referenced here, in which it was placed on multiple hosted websites. It's typically installed on vulnerable

Predator (unspecified, 1 vote): Predator is mercenary spyware that, alongside NSO Group's Pegasus, remains one of the leading commercial spyware products. Despite public disclosures in September 2023, Predator's operators have continued their operations with minimal changes, exploiting recently patched zero-day vulnerabilities in Apple a

More_eggs (unspecified, 1 vote): More_eggs, also known as Golden Chickens, is a malware suite utilized by financially motivated cybercrime actors such as Cobalt Group and FIN6. This malware-as-a-service (MaaS) offering has been identified as the "cyber weapon of choice" of Russia-based cyber gangs. It was first seen in email campai

Turian (unspecified, 1 vote): Turian is a sophisticated malware, known for its backdoor capabilities, that has been used in numerous cyber espionage campaigns. It infects systems through dubious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage. The Turian backdoor has be

Graphican (unspecified, 1 vote): Graphican is a novel malware developed by the Chinese threat actor group known as Flea, APT15, or Nickel. The malware, an evolution of the group's custom backdoor Ketrican, has been used in a series of cyber-attacks against foreign affairs ministries across Central and South America between late 202

Raccoon (unspecified, 1 vote): Raccoon is a malware-as-a-service infostealer used by many criminal groups, among them the Scattered Spider threat actors, to obtain sensitive information such as login credentials, browser cookies, and browser histories. The Raccoon Stealer is particularly notorious for its ability to detect countermeasures and delete records associated with th

Vidar (unspecified, 1 vote): Vidar is a Windows-based malware written in C++, known as an infostealer due to its ability to steal personal information from infected systems. It has been leveraged by cybercriminals alongside other malicious software like Emotet, IcedID, CobaltStrike, SVCReady, CargoBay, Pushdo, Minodo, DiceLoade

ShadowPad (unspecified, 1 vote): ShadowPad is a modular backdoor malware that has been utilized by several Chinese threat groups since at least 2017. Notably, it was used as the payload in supply chain attacks targeting South Asian governments, as reported in the VB2023 paper. ShadowPad provides near-administrative capabilities in

Golden Chickens (unspecified, 1 vote): Golden Chickens, also known as More_eggs, is a sophisticated malware suite that was initially discovered in 2018. It is used by financially motivated cybercrime actors like the Cobalt Group and FIN6 to steal sensitive information such as intellectual property and geopolitical intelligence from compr
Associated Threat Actors
ID (type, votes): profile description

GALLIUM (unspecified, 3 votes): Gallium, also known as Alloy Taurus, is a China-aligned threat actor known for executing actions with malicious intent in the cyber domain. In recent years, Gallium has been associated with various significant cyber-espionage campaigns. The group targeted telecommunication entities in the Middle Eas

NICKEL (unspecified, 2 votes): Nickel is a notable threat actor, or malicious entity, that has been involved in significant cyber operations. Notably, Nickel targeted government organizations across Latin America and Europe, and has been reported alongside other threat actors such as FIN6 (financially motivated) and Emissary Panda (state-affiliated). These groups focuse

Iron Tiger (unspecified, 2 votes): Iron Tiger, also known as Iron Taurus or APT27, is a threat actor group known for executing malicious actions with the intent of espionage. The group became prominent after its involvement in Operation Iron Tiger, which was reported in 2015. This operation was a series of Chinese cyber-espionage att

BackdoorDiplomacy (unspecified, 1 vote): BackdoorDiplomacy, also known as Playful Taurus, APT15, Vixen Panda, KeChang, and NICKEL, is a threat actor group associated with Chinese cyber espionage campaigns. This group has been particularly active in Africa, targeting high-priority organizations in telecommunications, finance, and government

Flea (unspecified, 1 vote): Flea, also known as APT15 or Nickel, is a China-linked threat actor primarily targeting foreign affairs ministries in Central and South American countries. The group's latest campaign utilizes a novel backdoor named "Graphican," which is an evolution of their custom backdoor Ketrican. This new backd

Vixen Panda (unspecified, 1 vote): Vixen Panda, also known as APT15, Flea, KE3CHANG, Nickel, Playful Dragon, Royal APT, and BackdoorDiplomacy, among other names, is a significant threat actor believed to be sponsored by the Chinese government. The group has been operational since at least 2004, targeting government entities, diplomat

APT15 (unspecified, 1 vote): APT15, also known as Vixen Panda, Nickel, Flea, KE3CHANG, Royal APT, and Playful Dragon, is a threat actor group suspected to be of Chinese origin. The group targets global sectors including trade, economic and financial, energy, and military, aligning with the interests of the Chinese government. I

Ke3chang (unspecified, 1 vote): Ke3chang, also known as APT15, Mirage, Vixen Panda, GREF, and Playful Dragon, is a prominent threat actor that has been active since at least 2010. According to the European Union Agency for Cybersecurity (ENISA), this group has consistently targeted energy, government, and military sectors. Ke3chang

Naikon (unspecified, 1 vote): Naikon is a China-linked threat actor, tracked by Unit 42 as Growing Taurus, and is frequently discussed together with Parched Taurus, also known as Goblin Panda. Naikon has been linked to PLA Unit 78020/

APT27 (unspecified, 1 vote): APT27, also known as Iron Taurus, is a Chinese threat actor group that primarily engages in cyber operations with the goal of intellectual property theft. The group targets multiple organizations worldwide, including those in North and South America, Europe, and the Middle East. APT27 utilizes vario

Growing Taurus (unspecified, 1 vote): no description

Goblin Panda (unspecified, 1 vote): Goblin Panda is a recognized threat actor, known for its malicious activities in the cyber world. Various research organizations have indicated that several Chinese Advanced Persistent Threat (APT) groups such as Growing Taurus (aka Naikon) and Parched Taurus (aka Goblin Panda) have leveraged this t

Parched Taurus (unspecified, 1 vote): no description

Sword2033 (unspecified, 1 vote): Sword2033 is a new and previously undocumented backdoor tool used by the China-linked threat actor known as Alloy Taurus. This group, also referred to as GALLIUM or Softcell, has been actively targeting Linux systems with a variant of the PingPull backdoor, while also deploying Sword2033 in their op

Earth Preta (unspecified, 1 vote): Earth Preta, also known as Mustang Panda, Bronze President, TA416, RedDelta, and Stately Taurus, is a prominent threat actor group that has been operational since at least 2012. The group has been highly active in Europe and Asia, employing a variety of tools and malware for their malicious activiti

Camaro Dragon (unspecified, 1 vote): Camaro Dragon, a Chinese state-sponsored threat actor, has been identified as the source of several cyber attacks on European foreign affairs entities. Check Point Research has discovered and analyzed a custom firmware image affiliated with Camaro Dragon, which contained multiple malicious components

I-Soon (unspecified, 1 vote): i-SOON, a threat actor believed to be operating out of China, has come into the limelight due to a significant data leak. The leaked documents provide an inside view of i-SOON's operations, revealing its role in executing cyberespionage campaigns on behalf of various Chinese government agencies. Thi

APT41 (unspecified, 1 vote): APT41, also known as Winnti, Wicked Panda, and Wicked Spider, is a threat actor suspected to be associated with China. This group has been active since at least 2012 and has targeted organizations in over 14 countries. APT41 has demonstrated a high degree of sophistication and versatility in its cyb
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Taurus malware was read from the documents corpus below. This display is limited to 20 results.
Source (created): title

Unit42 (2 months ago): Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia
CERT-EU (4 months ago): Techrights — Links 17/03/2024: Microsoft Windows Shoves Ads Into Third-Party Software, More Countries Explore TikTok Ban
CERT-EU (4 months ago): Russian leak of German military phone call explained: Details, fallout & effect on relations
CERT-EU (4 months ago): German minister reveals how Russia managed to hack into top-secret military talks | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU (4 months ago): Russia hacks unsecured German line discussing Ukraine arms aid
CERT-EU (4 months ago): Germany Rules Out Russian Hack in Military Data Leak | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
BankInfoSecurity (4 months ago): Germany Rules Out Russian Hack in Military Data Leak
CERT-EU (4 months ago): Germany: Use of non-secure line behind Taurus talk leak to Russia - Cyber Security Review
CERT-EU (4 months ago): German officer used unsecured line for hacked call | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU (4 months ago): Mobile Phone Insurance Market Set to Surge to $56.56 Billion by 2028 with Trends in Cybersecurity and AI Integration Shaping the Industry
CERT-EU (4 months ago): Germany under pressure to explain intercepted phone call
CERT-EU (4 months ago): How Germany accidentally leaked British military secrets to Russia
CERT-EU (5 months ago): NATO’s Silver Lining Playbook
Unit42 (5 months ago): Data From Chinese Security Services Company i-Soon Linked to Previous Chinese APT Campaigns
DARKReading (5 months ago): Looted RIPE Credentials for Sale on the Dark Web
InfoSecurity-magazine (5 months ago): Orange España Breach: Dark Web Flooded With Operator Credentials
Securityaffairs (5 months ago): Hundreds of network operators’ credentials found circulating in Dark Web
CERT-EU (6 months ago): Philippines Turn to Hackers For Cybersecurity Help as Tensions With China Rise | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU (8 months ago): Stately Taurus targets the Philippines as tensions flare in the South Pacific - Cyber Security Review
Unit42 (8 months ago): Stately Taurus Targets the Philippines As Tensions Flare in the South Pacific