A China-aligned threat actor tracked as TA416 has been targeting European government and diplomatic organizations since mid-2025, a significant shift in its tactics after roughly two years of minimal activity in the region.

TA416 overlaps with activity clusters tracked under other names, including DarkPeony, RedDelta, Red Lich, SmugX, UNC6384, and Vertigo Panda, which reflects how fragmented and evolving the group's operations are.

The current campaign combines malware such as PlugX with OAuth-based phishing to compromise its targets, showing the group's ability to adapt and refine its methods to achieve its objectives.

TA416's targeting of European governments and diplomatic organizations raises concern that sensitive information could be compromised, and underscores the need for these organizations to remain vigilant and proactive in their security measures.

As the threat landscape continues to evolve, organizations should stay informed about the latest tactics and techniques used by threat actors like TA416 and implement effective countermeasures against these types of attacks.
