A China-aligned threat actor, known as TA416, has launched a targeted campaign against European government and diplomatic organizations since mid-2025, marking a resurgence in activity after a two-year period of relative dormancy in the region.

This cluster of activity overlaps with intrusions tracked under other names, including DarkPeony, RedDelta, Red Lich, SmugX, UNC6384, and Vertigo Panda, which illustrates how fragmented vendor naming makes the threat landscape harder to follow.

The TA416 campaign has relied on malware including PlugX, a remote access trojan (RAT) that gives the operators persistent unauthorized access to compromised systems and lets them exfiltrate sensitive information.

Alongside the malware, the campaign has used OAuth-based phishing, in which victims are tricked into handing over login credentials or authentication tokens, giving the attackers access to the accounts of European government and diplomatic organizations without needing to deploy malware first.

These attacks underscore the need for heightened vigilance and robust cybersecurity measures to protect against the evolving threats posed by nation-state actors and other malicious groups.

As the threat landscape continues to shift and mature, organizations need to stay informed about the latest threats and about the vulnerabilities (tracked as CVEs and other disclosed security flaws) that such actors exploit, in order to preserve the integrity and confidentiality of their systems and data.
