Security News > 2022 > March > Chinese phishing actors consistently targeting EU diplomats
The China-aligned group tracked as TA416 has been consistently targeting European diplomats since August 2020, with the most recent activity involving refreshed lures to coincide with the Russian invasion of Ukraine.
According to a new report by Proofpoint, TA416 spearheads cyber-espionage operations against the EU, consistently focusing on this long-term role without reaping opportunistic gains.
By keeping their tools and tactics essentially unchanged since 2020 and only refreshing their phishing themes and peripheral components, TA416 has made attribution simple for the analysts.
Starting in August 2020, the phishing actors impersonated EU-based organizations to target governments in the continent.
Finally, on February 28, 2022, the Chinese threat actors were spotted using a compromised diplomat's address to target other top-ranking officials of NATO countries with lures involving the Russian invasion of Ukraine.
"The group uses different legitimate PE files to initiate side-loading, as well as a variety of PlugX DLL loaders including the PotPlayer and DocCon versions," elaborates the Proofpoint report.