China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing Since mid-2025 the China-aligned actor TA416 has resumed targeting European government and diplomatic organizations using web bugs and evolving malware delivery chains. The group repeatedly modified its infection techniques—abusing Cloudflare Turnstile, OAuth redirects, MSBuild/C# project files, and hosting payloads on Azure Blob Storage, Google Drive, and compromised SharePoint—while expanding operations to...

China-linked TA416 has resumed attacks on European government and diplomatic targets since mid-2025, using PlugX, OAuth-based phishing, Cloudflare Turnstile, and Azure/Google Drive payload hosting. #TA416 #PlugX #Europe

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing Since mid-2025 the China-aligned actor TA416 has resumed targeting European government and diplomatic organizations using web bugs and evolving malware delivery chains. The group repeatedly modified its infection techniques—abusing Cloudflare Turnstile, OAuth redirects, MSBuild/C# project files, and hosting payloads on Azure Blob Storage, Google Drive, and compromised SharePoint—while expanding operations to...

China-linked TA416 has resumed targeting European and Middle Eastern governments using evolving techniques like OAuth redirects, Cloudflare Turnstile, MSBuild, and Azure-based payloads since mid-2025. #TA416 #PlugX #China

China-linked TA416 escalates cyber espionage, targeting European and Middle Eastern governments with advanced techniques like PlugX malware and OAuth-based phishing. #CyberSecurity #TA416 #PlugX #Phishing Link: thedailytechfeed.com/china-linked...

Original post on capalearning.com

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing A cyber threat actor aligned with China has been targeting European government and diplomatic organizations since...

#Cyber #Security #ChinaLinked #European #Governments […]

[Original post on capalearning.com]

I’d come running back to EU again: TA416 resumes European government espionage campaigns Proofpoint observed China-aligned TA416 resume systematic targeting of European government and diplomatic entities from mid-2025 through early 2026 and expand operations into Middle Eastern diplomatic and government organizations following the outbreak of conflict in Iran. The actor employed waves of web-bug reconnaissance and evolving malware delivery chains—fake Cloudflare Turnstile pages, Microsoft...

China-aligned TA416 resumed targeted espionage on European government and diplomatic entities from mid-2025 to early 2026, expanding into Middle Eastern organizations amid Iran conflict. Techniques include fake Cloudflare pages and DLL sideloading. #TA416 #PlugX

I’d come running back to EU again: TA416 resumes European government espionage campaigns | Proofpoint US Key findings From mid-2025 onwards, the China-aligned threat actor TA416 resumed observed targeting of European government and diplomatic organizations following a period of reduced EU-

After a lull in activity targeting Europe from mid-2023 to mid-2025, the China-aligned espionage actor #TA416 (RedDelta, Vertigo Panda, Red Lich) has resumed targeting European government and diplomatic entities, with a recent expansion to the Middle East. brnw.ch/21x1f0j