A China-aligned threat actor known as TA416 has been targeting European government and diplomatic organizations since mid-2025, following a two-year period of minimal activity in the region.
The campaign overlaps with other clusters of activity, including DarkPeony, RedDelta, Red Lich, SmugX, UNC6384, and Vertigo Panda, and has used sophisticated tactics to compromise its targets.
TA416’s activity has included the use of PlugX malware, a remote access trojan that allows attackers to gain control over infected systems, as well as OAuth-based phishing campaigns designed to trick victims into divulging sensitive information.
The targeting of European governments and diplomatic organizations by TA416 is a significant concern, as it highlights the ongoing threat posed by China-linked threat actors to global security and stability.
As the threat landscape continues to evolve, it’s essential for organizations to stay vigilant and take proactive measures to protect themselves against sophisticated threats like TA416.
