🟠High  | Source: The Hacker News
A China-linked threat group, TA4922, has significantly expanded its phishing campaigns beyond its previous targets to now include organisations in the UK, Germany, Italy, and South Africa. The group is deploying known remote access trojans including ValleyRAT and Atlas RAT, with a fast-moving operational pace and an evolving malware toolkit. This matters because the expansion into European markets signals a deliberate strategic shift, increasing risk for organisations in these regions.
Architect’s Take: Review email gateway and endpoint detection rules for ValleyRAT (Winos 4.0) and Atlas RAT indicators of compromise, and ensure phishing-resistant MFA is enforced across all cloud console and SaaS access points. Consider threat intelligence feeds covering Chinese APT activity to stay ahead of this group’s rapidly evolving malware arsenal.
Original advisory: China-Linked TA4922 Expands Phishing Attacks to UK, Germany, Italy, and South Africa