Bottom line: TA4922 expands from its focus on East Asia to Europe, deploying AI-powered malware and social engineering on messenger platforms to achieve financial gain.
The Chinese-speaking cybercriminal group TA4922 has massively expanded its attacks to Europe, leveraging AI-generated phishing campaigns. For the first time, Proofpoint documents targeted operations against organizations in Germany, the United Kingdom, and Italy.
The cybercriminal group TA4922 was previously known primarily for attacks targeting entities in Japan, Taiwan, South Korea, Singapore, and India. IT security firm Proofpoint now reports significant geographic expansion: organizations in the United Kingdom, Italy, Germany, and South Africa have been systematically targeted in recent months. Unlike other Chinese actors such as Silver Fox or Void Arachne, with which TA4922 shares infrastructure and tools, TA4922 focuses not on state-sponsored espionage but on financial gain: persistent remote network access, data theft, sale of access credentials, and credit card fraud.