Skip to content

China-Linked Group TA4922 Expands Phishing Campaigns to Europe and Africa

The Bottom Line: Chinese-linked cyber group TA4922 increasingly targets European and South African organizations with phishing attacks using continually evolved RAT malware families.

The Chinese-linked cybercrime group TA4922 has expanded its attack targets to organizations in the United Kingdom, Germany, Italy, and South Africa. The group operates at a high operational tempo and leverages an evolving malware portfolio, including ValleyRAT (also known as Winos 4.0) and Atlas RAT.

The cyber crime group TA4922 with connections to China is directing its phishing campaigns specifically at European and South African organizations. Companies and institutions in the United Kingdom, Germany, Italy, and South Africa are affected.

The attackers operate at a high operational tempo and employ a continuously evolving malware arsenal. Known deployed malware families include ValleyRAT (also known as Winos 4.0) and Atlas RAT (AtlasCross RAT). In addition, the group uses other malware variants, some of which have not been previously publicly documented.

For CISOs in the affected regions, this geographic expansion represents an elevated threat landscape. The accelerated operational pattern indicates well-resourced and operational attackers who regularly adapt their attack methods. Phishing remains a frequent initial entry point, making employee training and email security measures critical.

Organizations should review their incident response plans and enhance detection capabilities for the mentioned RAT families. Monitoring for behaviors associated with remote access trojan activities becomes a priority.


Source: thehackernews.com · Published June 4, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.2.9.

Share on: