惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

月光博客
月光博客
Cyberwarzone
Cyberwarzone
L
LINUX DO - 最新话题
N
News and Events Feed by Topic
T
Troy Hunt's Blog
Help Net Security
Help Net Security
S
Security @ Cisco Blogs
Google DeepMind News
Google DeepMind News
Security Archives - TechRepublic
Security Archives - TechRepublic
M
MIT News - Artificial intelligence
G
Google Developers Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
V2EX - 技术
V2EX - 技术
Y
Y Combinator Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
大猫的无限游戏
大猫的无限游戏
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Microsoft Security Blog
Microsoft Security Blog
Cisco Talos Blog
Cisco Talos Blog
T
Threatpost
Recent Commits to openclaw:main
Recent Commits to openclaw:main
S
SegmentFault 最新的问题
I
InfoQ
H
Hacker News: Front Page
D
Docker
Scott Helme
Scott Helme
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Blog — PlanetScale
Blog — PlanetScale
人人都是产品经理
人人都是产品经理
博客园 - 叶小钗
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
N
Netflix TechBlog - Medium
AWS News Blog
AWS News Blog
Know Your Adversary
Know Your Adversary
博客园 - 【当耐特】
T
Tor Project blog
U
Unit 42
H
Heimdal Security Blog
Microsoft Azure Blog
Microsoft Azure Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
P
Privacy & Cybersecurity Law Blog
PCI Perspectives
PCI Perspectives
美团技术团队
O
OpenAI News
T
Tailwind CSS Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
B
Blog
GbyAI
GbyAI
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
MyScale Blog
MyScale Blog

Proofpoint News Feed

New Cargo Theft Surge: From Lobster Heists To Bourbon Warehouse Scams Defending the Authentication Flow: Device Code Phishing with Selena Larson Proofpoint Joins the OpenAI Daybreak Cyber Partner Program to Advance Responsible AI-Powered Cyber Defense | Proofpoint US OpenAI Lets Cyber Vendors Embed GPT-5.5 in Defenses Suspected North Korean actors use fake ‘coding assignments’ to steal crypto Proofpoint Introduces Active Exploits Protection to Help Organizations Prioritize Vulnerability Patching for Real-World Attacks in the AI Era | Proofpoint US Verizon DBIR: Healthcare Fends Off Increased Social Engineering Attacks Proofpoint Integrates with the Claude Compliance API to Extend Data Security and Governance to Claude | Proofpoint US Proofpoint Launches Dedicated MSP Business Unit and Introduces 365 Total Protection for North America | Proofpoint US The spy who logged me in. - YouTube Proofpoint Establishes Innovation Precedent for Source-Agnostic Modern Enterprise Investigations | Proofpoint US The Most Powerful Women Of The Channel 2026: Power 100 AI Security Gaps Create New MSSP Opportunity: Proofpoint Claude Mythos Fears Startle Japan's Financial Services Sector Proofpoint Research Reveals Half of Global Organizations Experienced AI Incidents Despite Having AI Security Controls in Place | Proofpoint US AI-Era Threats Spread Beyond Email Into SaaS, Collaboration Apps, and AI Assistants Clear market trend for software providers to help with AI: Proofpoint CEO - YouTube Cargo thieving hackers running sophisticated remote access campaigns, researchers find Freight Hacker Wields Code-Signing Service to Evade Defenses - YouTube FIFA World Cup 2026: More than One-Third of Official Partners Expose the Public to the Risk of Email Fraud | Proofpoint US Microsoft 365 mailbox rules abused for exfiltration, persistence AI Security Risks: Proofpoint CSO Ryan Kalember, Live at RSAC 2026 Axios Future of Cybersecurity: Russians suspected of using iPhone spyware 15 Top Cybersecurity CEOs On The Future Of AI Agents: RSAC 2026 How AI Agents Are Redefining the Insider Risk Threat Model 5 Ways To Protect Enterprise Value During A Merger Or Acquisition CUBE Events 20 Coolest AI And Security Products At RSAC 2026 Proofpoint Redefines Email and Data Security for the Agentic Workspace | Proofpoint US Proofpoint Pursues FedRAMP High Authorization Process for Collaboration Security | Proofpoint US Proofpoint Unveils Industry’s Newest Intent-Based AI Security Solution to Protect Enterprise AI Agents | Proofpoint US
China-Linked TA4922 Expands Phishing Attacks to U.K., Germany, Italy, and South Africa
The Hacker News · 2026-06-04 · via Proofpoint News Feed

A new China-linked cybercrime group known as TA4922 has expanded its targeting focus to target European organizations in the U.K., Germany, Italy, and South Africa.

These efforts have been complemented by a "rapid operational tempo" and a continually evolving malware arsenal comprising known families like ValleyRAT (aka Winos 4.0) and Atlas RAT (aka AtlasCross RAT), as well as previously undocumented tools called RomulusLoader and SilentRunLoader, according to Proofpoint.

The enterprise security company is keeping tabs on the activity under the moniker TA4922, describing it as a Chinese-speaking threat actor largely targeting East Asia. TA4922 is assessed to share some level of overlap with Silver Fox, with the threat actor's tradecraft more focused on cybercriminal objectives than espionage.

"The actor is likely financially motivated and focused on obtaining remote access to victim environments for financial gain, such as data theft, fraud, access resale, or persistent access," the company said, characterizing it as an adversary conducting "more unique campaigns" than any other threat actor it tracks.

Cybersecurity

In recent months, however, attacks mounted by the hacking group have relied on phishing campaigns using human resources- and business-themed lures for credential phishing, fraud, and malware delivery, including Atlas RAT, RomulusLoader, and SilentRunLoader.

Another notable shift involves attempts to move conversations from emails to out-of-band communication channels like LINE, WhatsApp, and Microsoft Teams, allowing the attackers to bypass enterprise security controls and steal data or deliver malware. Details of some of the recently observed TA4922 phishing campaigns are below -

  • March 6, 2026: Using human resources-related lures in attacks targeting Japanese organizations to deliver Atlas RAT via DLL side-loading
  • March 23, 2026: Using corporate- and human resources-themed lures in attacks targeting Japanese organizations to deliver a C-based loader called RomulusLoader via DLL side-loading
  • March 30, 2026: Using tax authority-related lures in attacks targeting organizations in the U.K. to deliver a vibe-coded Python-based loader and stealer called SilentRunLoader, which then drops an executable to harvest sensitive data from Google Chrome including stored credentials, cookies, and browsing information
  • April 2, 2026: Using human resources communication lures in attacks targeting organizations in the U.K. and Germany to deliver Atlas RAT via DLL side-loading
  • April 7, 2026: Using invoice-related lures in attacks targeting Japanese organizations to deliver Atlas RAT via DLL side-loading
  • April 10, 2026: Using benefits- and compliance-themed lures in attacks targeting organizations across Southeast Asia and the U.K. to deliver SilentRunLoader via DLL side-loading and exfiltrate Chrome data
  • Mid-April 2026: Using business- and tax-related themes in attacks targeting organizations in Japan and Germany to deliver RomulusLoader, which is then used to deploy AnyDesk and SyncFuture via DLL side-loading

"While the actor is assessed to be financially motivated, the capabilities of the malware include the potential for surveillance, which could be used by or sold to espionage groups," Proofpoint said. "The global nature of this actor shows how organizations should be aware of emerging and complex threats, regardless of geographic targeting. These types of actors can quickly expand and scale their tactics to include more targets at any time."

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.