China-Linked TA4922 Hackers Target UK, Europe With New SilentRunLoader Malware
ID: f17cd821-850a-52f6-8517-9b822815880a
STIX ID: report--f17cd821-850a-52f6-8517-9b822815880a
Feed Name: HackRead
Proofpoint researchers track TA4922, a China-aligned, financially motivated cybercrime group that is expanding from East Asia into the UK, Germany, Italy, and South Africa. The group uses bespoke tax-, benefits- and payroll-themed phishing lures to deliver a growing toolkit (ValleyRAT/Winos4.0, Atlas RAT, RomulusLoader, SilentRunLoader) that enables credential theft, remote access, fraud, and persistent access via DLL sideloading and legitimate remote-management software. The report notes the likely use of LLMs in developing Python-based malware and highlights the risks from targeted administrative-themed phishing.
