BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Chinese Cybercrime Group Expands European Attacks

China-linked cybercrime group expands phishing across Europe with advanced, surveillance-capable malware.

  • A China-linked cybercrime group, TA4922, has expanded its phishing campaigns to target organizations across Europe.
  • The group employs a rapidly evolving arsenal of malware, including newly documented loaders like RomulusLoader and SilentRunLoader.
  • While financially motivated, the actor’s surveillance-capable malware could be exploited by or sold to espionage groups.

A China-linked cybercrime group known as TA4922 has significantly widened its geographic scope, launching phishing campaigns against European organizations in the U.K., Germany, and Italy as of June 2026. These attacks leverage business-themed lures to deploy sophisticated malware for financial gain. Consequently, the group’s tactics showcase a “rapid operational tempo” and an expanding toolkit.

- Advertisement -

This arsenal includes known remote access trojans like ValleyRAT and Atlas RAT, according to Proofpoint. However, the actor also uses previously undocumented tools such as RomulusLoader and SilentRunLoader. The enterprise security company characterizes TA4922 as conducting “more unique campaigns” than any other threat actor it tracks, which you can read about in their report.

A notable shift involves moving conversations to platforms like WhatsApp or Microsoft Teams after initial contact. This technique allows attackers to bypass enterprise security controls more easily. Meanwhile, campaigns in late March and April 2026 used tax authority and human resources lures to deliver malware via DLL side-loading.

For instance, a March 30 campaign targeting the U.K. delivered the Python-based SilentRunLoader to steal Chrome data. Another wave in mid-April used business themes to deploy RomulusLoader, which then installed tools like AnyDesk. Proofpoint assesses the actor as financially motivated, focused on “data theft, fraud, access resale, or persistent access.”

“While the actor is assessed to be financially motivated, the capabilities of the malware include the potential for surveillance, which could be used by or sold to espionage groups,” Proofpoint said. The global expansion demonstrates how such threats can quickly scale to new targets regardless of geography.

- Advertisement -

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Apple Overtakes Nvidia as World’s Most Valuable Public Company

Apple briefly surpassed NVIDIA as the world’s most valuable publicly traded company, hitting an...

Galaxy Digital buys naming rights to Texas Tech stadium in 15-year deal

Galaxy Digital signed a 15-year naming rights deal with Texas Tech, renaming the football...

ViteVenom: 7 Malicious npm Packages Target Vite Ecosystem

Researchers at Checkmarx uncovered the ViteVenom campaign, a software supply chain attack using seven...

SpaceX Stock Future: Starlink Profit vs $5B Loss & $2.1T Valuation

Starlink is profitable and growing, generating $11.4 billion in revenue in 2025 and making...

China’s Moonshot AI Launches Kimi K3, Triggering Global Tech Selloff

Moonshot AI launched Kimi K3 on Thursday, a 2.8-trillion-parameter open-weight model that ranked alongside...

Must Read

6 Best VPN Providers That Accept Monero

Privacy and anonymity are probably the most important things that we should all consider in today's internet era. Although there are a lot of...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading