Chinese-Speaking Actor TA4922 Widens Its Global Reach
ID: 468f68cd-1967-5b24-b17e-5ab749e5cb64
STIX ID: report--468f68cd-1967-5b24-b17e-5ab749e5cb64
Feed Name: Infosecurity Magazine (News)
Proofpoint reports that a fast-evolving, financially motivated Chinese-speaking cybercrime group tracked as TA4922 has expanded its targeting from Japan and East Asia into the UK, Germany, Italy and South Africa. The actor runs numerous campaigns that use localized social engineering to deliver RATs and loaders (Atlas RAT, ValleyRAT/Winos 4.0, RomulusLoader, SilentRunLoader) via DLL sideloading and file-sharing, moves victims to messaging apps, deploys remote management tools like AnyDesk, and appears to use LLMs to accelerate Python malware development.
