{"id":263960,"date":"2026-06-04T08:22:00","date_gmt":"2026-06-04T12:22:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/04\/china-linked-ta4922-expands-phishing-attacks-to-uk-germany-italy-and-south-africa\/"},"modified":"2026-06-04T09:50:09","modified_gmt":"2026-06-04T13:50:09","slug":"china-linked-ta4922-expands-phishing-attacks-to-uk-germany-italy-and-south-africa","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/04\/china-linked-ta4922-expands-phishing-attacks-to-uk-germany-italy-and-south-africa\/","title":{"rendered":"China-Linked TA4922 Expands Phishing Attacks to UK, Germany, Italy, and South Africa"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/06\/china-linked-ta4922-expands-phishing.html\">China-Linked TA4922 Expands Phishing Attacks to UK, Germany, Italy, and South Africa<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/06\/china-linked-ta4922-expands-phishing.html\">https:\/\/thehackernews.com\/2026\/06\/china-linked-ta4922-expands-phishing.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-04 08:22:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p><span class=\"p-author\">\ue804<span class=\"author\">Ravie Lakshmanan<\/span>\ue802<span class=\"author\">Jun 04, 2026<\/span><\/span><span class=\"p-tags\">Malware \/ Cybercrime<\/span><\/p>\n<p>A new China-linked cybercrime group known as TA4922 has expanded its targeting focus to target European organizations in the U.K., Germany, Italy, and South Africa.<\/p>\n<p>These efforts have been complemented by a &#8220;rapid operational tempo&#8221; and a continually evolving malware arsenal comprising known families like ValleyRAT (aka Winos 4.0) and Atlas RAT (aka AtlasCross RAT), as well as previously undocumented tools called RomulusLoader and SilentRunLoader, according to Proofpoint.<\/p>\n<p>The enterprise security company is keeping tabs on the activity under the moniker TA4922, describing it as a Chinese-speaking threat actor largely targeting East Asia. TA4922 is assessed to share some level of overlap with Silver Fox, with the threat actor&#8217;s tradecraft more focused on cybercriminal objectives than espionage.<\/p>\n<p>&#8220;The actor is likely financially motivated and focused on obtaining remote access to victim environments for financial gain, such as data theft, fraud, access resale, or persistent access,&#8221; the company said, characterizing it as an adversary conducting &#8220;more unique campaigns&#8221; than any other threat actor it tracks.<\/p>\n<p>In recent months, however, attacks mounted by the hacking group have relied on phishing campaigns using human resources- and business-themed lures for credential phishing, fraud, and malware delivery, including Atlas RAT, RomulusLoader, and SilentRunLoader.<\/p>\n<p>Another notable shift involves attempts to move conversations from emails to out-of-band communication channels like LINE, WhatsApp, and Microsoft Teams, allowing the attackers to bypass enterprise security controls and steal data or deliver malware. Details of some of the recently observed TA4922 phishing campaigns are below &#8211;<\/p>\n<ul>\n<li>March 6, 2026: Using human resources-related lures in attacks targeting Japanese organizations to deliver Atlas RAT via DLL side-loading<\/li>\n<li>March 23, 2026: Using corporate- and human resources-themed lures in attacks&#8230;<\/li>\n<\/ul>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/06\/china-linked-ta4922-expands-phishing.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>China-Linked TA4922 Expands Phishing Attacks to UK, Germany, Italy, and South Africa https:\/\/thehackernews.com\/2026\/06\/china-linked-ta4922-expands-phishing.html Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":263961,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhq_JkP80d1IA8rz-SoYEBmuGqK_K7OpGrqiki4vB1ShMW5mFBVSMvl8H5MnYylZMl3AWeqdAmp19oZIL_7amYErNxBGiUAJqrOqGO0zjHH2jxCKCNdiGH_nqjHlksD9dlu4QGCq9KzMRfnWAi7YnPQQ86pnCypNupFDn_h-hSJdfhWT0Y4s01w6Cw-s6Od\/s1600\/phishing-hook.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[32,25,34],"class_list":["post-263960","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-malware","tag-phishing","tag-threat-actor"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/263960"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=263960"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/263960\/revisions"}],"predecessor-version":[{"id":263962,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/263960\/revisions\/263962"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/263961"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=263960"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=263960"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=263960"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}