A China-aligned threat actor, known as TA416, has been targeting European government and diplomatic organizations since mid-2025, marking a significant shift in its strategy after a two-year period of minimal activity in the region.
The TA416 campaign overlaps with other known threat actor clusters, including DarkPeony, RedDelta, Red Lich, SmugX, UNC6384, and Vertigo Panda, so the same activity may be reported under several of these names.
TA416's tactics, techniques, and procedures (TTPs) include the PlugX malware and OAuth-based phishing, both used to evade detection and gain unauthorized access to sensitive information.
The targeting of European governments and diplomatic organizations by TA416 underscores the ongoing threat of state-sponsored cyber espionage and the need for enhanced cybersecurity measures to protect against these types of attacks.
As the threat landscape continues to evolve, organizations should stay informed about the latest TTPs and vulnerabilities, such as those associated with CVE-2021-44228, to protect the security and integrity of their systems and data.
