A China-aligned threat actor, known as TA416, has been targeting European government and diplomatic organizations since mid-2025, marking a significant shift in its targeting strategy after a two-year period of minimal activity in the region.
The campaign, which has been attributed to TA416, is linked to various other clusters of activity, including DarkPeony, RedDelta, Red Lich, SmugX, UNC6384, and Vertigo Panda, highlighting the complex and evolving nature of the threat landscape.
TA416's tactics, techniques, and procedures (TTPs) in this campaign combine PlugX malware with OAuth-based phishing, showing the sophistication and adaptability of its efforts to compromise European government and diplomatic organizations.
PlugX, a remote access trojan (RAT), gives TA416 unauthorized access to targeted systems, while the OAuth-based phishing tricks victims into divulging sensitive information such as login credentials.
The targeting of European government and diplomatic organizations by TA416 underscores the need for heightened vigilance and robust cybersecurity measures to protect against sophisticated threat actors.
