China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

Published: 1 month ago (April 3, 2026 at 01:34 PM EDT)

1 min read

Source: The Hacker News

A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid‑2025, following a two‑year period of minimal targeting in the region.

The campaign has been attributed to TA416, a cluster of activity that overlaps with DarkPeony, RedDelta, Red Lich, SmugX, UNC6384, and Vertigo Panda.

“This TA416 activity included multiple…”

Back to Blog

Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations

Overview An Iran‑nexus threat actor is suspected to be behind a password‑spraying campaign targeting Microsoft 365 environments in Israel and the U.A.E. amid t...

DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea

Threat actors likely associated with the Democratic People’s Republic of Korea DPRK have been observed using GitHub as command‑and‑control C2 infrastructure in...

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

A large‑scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database creden...

The State of Trusted Open Source Report

In December 2025, we shared the first‑ever The State of Trusted Open Source report, featuring insights from our product data and customer base on open‑source co...

Related posts

Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations

DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

The State of Trusted Open Source Report