Bookworm to Stately Taurus Using the Unit 42 Attribution Framework
unit42.paloaltonetworks.com/bookworm-…

We examine Bookworm, a notable malware family used by Stately Taurus, a Chinese advanced persistent threat (APT) group active since at least 2012. This group conducts cyberespionage campaigns targeting government and commercial entities across Europe and Asia.

The case study illustrates how the Unit 42 Attribution Framework helps us dissect and confirm the operational link between this specific malware and its consistent usage by Stately Taurus. We provide a transparent look into the analytical process, illustrating how we moved from analyzing the malware’s code to understanding the adversary’s broader operations.

Edward Kiledjian @ekiledjian