A China-aligned threat actor tracked as TA416 has been targeting European government and diplomatic organizations since mid-2025. The renewed focus on Europe marks a significant shift in targeting after roughly two years of minimal activity against the region.

TA416's activity overlaps with clusters tracked under other vendors' names, including DarkPeony, RedDelta, Red Lich, SmugX, UNC6384, and Vertigo Panda. These are not separate actors so much as different vendors' views of the same or closely related operations, which is why reporting on this campaign spans so many labels.

For initial access the attackers rely on OAuth-based phishing, and once on a host they deploy PlugX, a long-established remote access trojan (RAT) used in Chinese-nexus intrusions that gives the operators persistent remote control of the compromised system.

The use of OAuth-based phishing is particularly concerning because the lure link points at a legitimate identity provider rather than an attacker domain, so URL-reputation checks and a cautious user's glance at the address bar offer little protection. In the general form of this technique the victim is either asked to grant an attacker-controlled application access to their account (consent phishing, which yields access tokens without ever capturing a password) or is bounced through the provider's trusted redirect handling to an attacker-controlled destination. The page does not detail which variant this campaign uses; both abuse trust in the authentication flow rather than any flaw in the protocol itself.
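As an added illustration (not code from the original report or from TA416's tooling), the following Python triages an OAuth authorization link of the kind used in consent-phishing lures. It is a generic heuristic check, not a signature for this campaign: the client-ID allowlist, trusted redirect hosts, high-risk scope list and the two sample URLs are all hypothetical values constructed for the example. The point it demonstrates is that both URLs live on the same legitimate login host, so only the query parameters distinguish the lure from a normal sign-in.

```python
"""Heuristic triage of OAuth authorization URLs, as used in consent-phishing lures.

Added example for this page. The allowlists below are hypothetical
organisation-specific values; the sample URLs are constructed, not observed.
"""
from urllib.parse import urlparse, parse_qs

# Hypothetical allowlist of application (client) IDs the organisation approved.
KNOWN_CLIENT_IDS = {"11111111-1111-1111-1111-111111111111"}
# Hypothetical hosts a legitimate redirect_uri may point at.
TRUSTED_REDIRECT_HOSTS = {"login.microsoftonline.com", "portal.example.org"}
# Scopes that give a third-party app persistent or broad data access.
HIGH_RISK_SCOPES = {
    "offline_access", "mail.read", "mail.readwrite", "files.read.all",
    "files.readwrite.all", "user.read.all", "directory.read.all",
}

# Constructed sample lures: both sit on the legitimate identity-provider host.
BENIGN_LURE = (
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=11111111-1111-1111-1111-111111111111&response_type=code"
    "&redirect_uri=https%3A%2F%2Fportal.example.org%2Fauth%2Fcallback"
    "&scope=openid+profile&state=abc"
)
SUSPICIOUS_LURE = (
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=deadbeef-0000-4000-8000-000000000001&response_type=code"
    "&redirect_uri=https%3A%2F%2Fdocs-review.example.net%2Fcb"
    "&scope=openid+offline_access+https%3A%2F%2Fgraph.microsoft.com%2FMail.Read"
    "&prompt=consent&state=xyz"
)


def _scope_names(scope_param: str) -> set[str]:
    """Normalise 'https://graph.microsoft.com/Mail.Read openid' -> {'mail.read', 'openid'}."""
    return {s.rsplit("/", 1)[-1].lower() for s in scope_param.split() if s}


def triage_oauth_url(url: str) -> dict:
    """Return a dict of findings for one URL; verdict is benign/review/suspicious."""
    parts = urlparse(url)
    # parse_qs already percent-decodes values and turns '+' into spaces.
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    result = {
        "is_authorize_request": "authorize" in parts.path.lower(),
        "client_id": params.get("client_id"),
        "redirect_host": None,
        "risky_scopes": [],
        "findings": [],
        "verdict": "benign",
    }
    if not result["is_authorize_request"]:
        return result
    findings = result["findings"]

    # An app id the organisation never approved is the core consent-phishing signal.
    if result["client_id"] not in KNOWN_CLIENT_IDS:
        findings.append("unknown_client_id")

    # The authorization code (or token) is delivered to redirect_uri, so an
    # untrusted host there means the attacker receives the grant.
    redirect = params.get("redirect_uri")
    if redirect:
        result["redirect_host"] = urlparse(redirect).hostname
        if result["redirect_host"] not in TRUSTED_REDIRECT_HOSTS:
            findings.append("redirect_to_untrusted_host")

    # Persistent mailbox/file access requested by a third-party app.
    risky = sorted(_scope_names(params.get("scope", "")) & HIGH_RISK_SCOPES)
    result["risky_scopes"] = risky
    if risky:
        findings.append("high_privilege_scopes")

    # prompt=consent forces the consent dialog even if the user signed in before.
    if params.get("prompt", "").lower() == "consent":
        findings.append("forced_consent_prompt")

    # Implicit flow hands the access token straight to the redirect target.
    if "token" in params.get("response_type", "").lower().split():
        findings.append("implicit_flow_token")

    if len(findings) >= 2:
        result["verdict"] = "suspicious"
    elif findings:
        result["verdict"] = "review"
    return result


if __name__ == "__main__":
    for name, url in (("benign", BENIGN_LURE), ("suspicious", SUSPICIOUS_LURE)):
        r = triage_oauth_url(url)
        print(f"{name}: verdict={r['verdict']} findings={r['findings']}")
```

In practice the same logic is more useful run against proxy or mail-gateway logs than against single URLs by hand, and the allowlists should be generated from the tenant's actual application registrations rather than maintained by hand. Note that this catches only the consent-grant form of the technique; a lure that abuses the provider's redirect handling to reach a malware download would need the redirect target itself to be inspected.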

As the campaign continues to evolve, European government and diplomatic organizations should treat it as an active threat and act on the two stages it relies on: restrict which OAuth applications users may consent to and review existing consent grants and application registrations for unrecognised apps, and hunt for PlugX activity on endpoints rather than relying on link reputation alone, since the lure links resolve to legitimate identity-provider domains.

Source: Original Article