A China-aligned threat actor, known as TA416, has been targeting European government and diplomatic organizations since mid-2025, marking a significant shift in its targeting strategy after a two-year period of minimal activity in the region.
The campaign has been attributed to TA416, an activity cluster that overlaps with other tracked threat groups, including DarkPeony, RedDelta, Red Lich, SmugX, UNC6384, and Vertigo Panda, and it has relied on sophisticated tactics to compromise its targets.
TA416 has been using the PlugX malware, a remote access trojan (RAT) that gives attackers control over infected systems, as well as OAuth-based phishing to trick victims into divulging sensitive information.
The use of OAuth-based phishing is particularly concerning because it can bypass traditional security controls and grant attackers access to sensitive information while evading detection.
As the threat landscape continues to evolve, it is essential for European government and diplomatic organizations to remain vigilant and take proactive measures to protect themselves against these types of attacks.
