A sophisticated threat actor, known as TA416, with ties to China has been actively targeting European government and diplomatic organizations since mid-2025, marking a significant resurgence in the region after a two-year period of relatively low activity.
The campaign overlaps with other tracked activity clusters, including DarkPeony, RedDelta, Red Lich, SmugX, UNC6384, and Vertigo Panda, indicating a complex and interconnected threat landscape.
TA416 has been using advanced malware, including the notorious PlugX backdoor, together with OAuth-based phishing to compromise its targets, highlighting the evolving nature of cyber threats and the need for robust defenses.
TA416's use of OAuth-based phishing underscores the group's ability to adapt and to abuse authentication protocols, which makes these intrusions harder for organizations to detect and respond to.
As the threat landscape continues to evolve, it is essential for European government and diplomatic organizations to remain vigilant and implement robust security measures to protect against the threats posed by TA416 and other sophisticated threat actors.
