Chinese hackers use new Atlas RAT malware in European cyberattacks

**TA4922 expands into Europe with new malware and loaders** — Proofpoint documents a Chinese-speaking cybercrime group (TA4922) conducting high-tempo phishing campaigns across Germany, Italy, the UK and beyond, deploying Atlas RAT (remote access trojan), multiple loaders (RomulusLoader, SilentRunLoader) and ValleyRAT/Winos4.0 to perform reconnaissance, file theft, keylogging, audio/video capture and persistence, with anti-analysis features and evidence of active exploitation and diverse lures.