TA416, a China-aligned threat actor, has been targeting European government and diplomatic organizations since mid-2025, a resurgence after roughly two years of minimal activity against the region.

The campaign overlaps with activity that other vendors track as DarkPeony, RedDelta, Red Lich, SmugX, UNC6384, and Vertigo Panda; the overlapping names reflect separate vendor tracking of related activity rather than distinct groups, which is why attribution to China-linked actors is rarely one-to-one.

The activity has relied on PlugX, a remote access trojan long associated with TA416, and on OAuth-based phishing. The latter abuses legitimate authorization flows to obtain access the victim grants to an attacker-controlled application, so it does not depend on a software vulnerability and is not stopped by password or MFA controls.

European government and diplomatic organizations should treat both techniques as current. For the OAuth component, defenders can restrict which applications end users may consent to, require administrator review for grants of high-risk permissions, and audit existing consent grants for unfamiliar applications; for PlugX, standard malware detection and egress monitoring still apply.
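One way to audit consent grants for the OAuth-based phishing pattern described above, as an added example that is not code from the original article or from any vendor. It reads constructed consent-grant records (the field names, application identifiers, and scope names are an assumed, simplified shape, not a real audit schema), scores each grant for an unapproved application and high-risk scopes, and flags bursts of several users consenting to the same application within a short window, which is the signature of a phishing wave rather than organic adoption:

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Scopes that, once granted, let an attacker read mail or files and hold a
# refresh token without the victim's password or MFA being involved again.
HIGH_RISK_SCOPES = {
    "offline_access", "Mail.Read", "Mail.ReadWrite", "Files.Read.All",
    "Files.ReadWrite.All", "Contacts.Read", "MailboxSettings.ReadWrite",
}

# Applications the tenant has reviewed and approved (assumed allowlist).
APPROVED_APPS = {"app-intranet"}

# Constructed sample of consent-grant events as JSON lines; the record
# shape and identifiers are assumptions for this example, not a vendor format.
SAMPLE_LOG = """\
{"time": "2025-07-01T09:02:11Z", "user": "alice@example.gov", "app_id": "app-intranet", "app_name": "Corporate Intranet", "consent_type": "AdminConsent", "scopes": ["User.Read"]}
{"time": "2025-07-03T14:10:05Z", "user": "bob@example.gov", "app_id": "app-docviewer", "app_name": "Document Viewer", "consent_type": "UserConsent", "scopes": ["User.Read", "Mail.Read", "offline_access"]}
{"time": "2025-07-03T14:12:40Z", "user": "carol@example.gov", "app_id": "app-docviewer", "app_name": "Document Viewer", "consent_type": "UserConsent", "scopes": ["User.Read", "Mail.Read", "offline_access"]}
{"time": "2025-07-03T14:15:02Z", "user": "dave@example.gov", "app_id": "app-docviewer", "app_name": "Document Viewer", "consent_type": "UserConsent", "scopes": ["User.Read", "Mail.Read", "offline_access"]}
{"time": "2025-07-05T08:00:00Z", "user": "erin@example.gov", "app_id": "app-calsync", "app_name": "Calendar Sync", "consent_type": "UserConsent", "scopes": ["User.Read", "Calendars.Read"]}
"""


def parse_records(text):
    """Parse JSON-lines consent events into dicts with a datetime 'time' field."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["time"] = datetime.strptime(rec["time"], "%Y-%m-%dT%H:%M:%SZ")
        records.append(rec)
    return records


def assess_consent(rec, approved_apps=APPROVED_APPS):
    """Return the reasons a single consent grant looks like consent phishing."""
    reasons = []
    if rec["app_id"] not in approved_apps:
        reasons.append("app not on tenant allowlist")
    risky = sorted(set(rec["scopes"]) & HIGH_RISK_SCOPES)
    if risky:
        reasons.append("high-risk scopes: " + ", ".join(risky))
    if rec["consent_type"] == "UserConsent" and risky:
        reasons.append("end-user consent to high-risk scopes without admin review")
    return reasons


def find_consent_bursts(records, window=timedelta(minutes=30), min_users=3):
    """Return app_ids where at least min_users distinct users consented within window."""
    by_app = defaultdict(list)
    for rec in records:
        by_app[rec["app_id"]].append(rec)
    bursts = set()
    for app_id, recs in by_app.items():
        recs.sort(key=lambda r: r["time"])
        for i, first in enumerate(recs):
            users = {r["user"] for r in recs[i:] if r["time"] - first["time"] <= window}
            if len(users) >= min_users:
                bursts.add(app_id)
                break
    return bursts


def flag_consents(text):
    """Return (user, app_name, reasons) for every grant that deserves review."""
    records = parse_records(text)
    bursts = find_consent_bursts(records)
    alerts = []
    for rec in records:
        reasons = assess_consent(rec)
        if rec["app_id"] in bursts:
            reasons.append("consent burst: several users within 30 minutes")
        if reasons:
            alerts.append((rec["user"], rec["app_name"], reasons))
    return alerts


if __name__ == "__main__":
    for user, app, reasons in flag_consents(SAMPLE_LOG):
        print(f"{user} -> {app}: {'; '.join(reasons)}")
```

On the constructed sample, the admin-approved intranet grant produces no alert, the three Document Viewer grants are flagged on all four criteria, and Calendar Sync is flagged only for being off the allowlist. The burst check is the part worth keeping even if the scope list is tuned differently: an application that three or more users approve within half an hour of each other is almost always one they were all sent a link to.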

The targeting of European governments by TA416 also shows why cross-border information sharing matters: the same activity appears under several vendor names, and correlating them is what lets one organization's detection inform another's. Awareness training should cover application consent prompts specifically, since a user conditioned to approve permission dialogs will grant an attacker's application access just as readily as a legitimate one.
