The spy who logged me in.

Research Saturday, Ep 424 | 5.9.26

Mark Kelly, Staff Threat Researcher at Proofpoint, is discussing their work on "I’d come running back to EU again: TA416 resumes European government espionage campaigns." China-linked threat group TA416 has resumed large-scale phishing and malware campaigns targeting European governments, diplomatic missions tied to the EU and NATO, and more recently Middle Eastern entities following the outbreak of conflict in Iran.
The group has continually evolved its tactics between mid-2025 and early 2026, using techniques like fake Cloudflare verification pages, Microsoft OAuth redirect abuse, and malicious C# project files to deliver customized PlugX malware through spearphishing campaigns. Researchers say the renewed activity reflects shifting geopolitical priorities tied to EU-China tensions, the Russia-Ukraine war, and instability in the Middle East, while highlighting TA416’s ongoing focus on intelligence gathering against diplomatic networks.
The research and executive brief can be found here: I’d come running back to EU again: TA416 resumes European government espionage campaigns

Research Saturday Podcast Info

HOST(S): Dave Bittner is a security podcast host and one of the founders at CyberWire. He's a creator, producer, videographer, actor, experimenter, and entrepreneur. He's had a long career in the worlds of television, journalism and media production, and is one of the pioneers of non-linear editing and digital storytelling.
Schedule: Saturdays

Creator: N2K Networks, Inc.