China-Linked TA4922 Expands Phishing Attacks to U.K., Germany, Italy, and South Africa
ID: 8143dbce-aaf3-5210-bc6c-58e1fd7b1e2a
STIX ID: report--8143dbce-aaf3-5210-bc6c-58e1fd7b1e2a
Feed Name: Proofpoint Blog
Threat Score
**TA4922 (China-linked)** is a financially motivated cybercrime actor observed by Proofpoint conducting global phishing campaigns targeting organizations in the U.K., Germany, Italy, Japan, Southeast Asia and South Africa; operators deliver RATs and loaders (Atlas RAT, ValleyRAT, RomulusLoader, SilentRunLoader) via DLL side‑loading to steal credentials and browser data, deploy remote access tools (AnyDesk, SyncFuture), and move victims to out‑of‑band messaging to evade defenses.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
