China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

2026-04-03

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

This article covers TA416, a China-aligned threat actor, resuming targeted campaigns against European government and diplomatic entities since mid-2025 using PlugX malware and OAuth-based phishing techniques.

•TA416 overlaps with multiple tracked clusters including DarkPeony, RedDelta, and Mustang Panda, and uses DLL side-loading as a common delivery mechanism
•Attack chains evolved over time: from Cloudflare Turnstile abuse and OAuth redirect phishing via Microsoft Entra ID to MSBuild-based C# project file execution
•PlugX is delivered via malicious archives hosted on Azure Blob Storage, Google Drive, and compromised SharePoint instances
•The backdoor supports five commands including system info capture, reverse shell, payload download, and malware uninstall, with encrypted C2 communication

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images