The spy who logged me in. [Research Saturday]

CyberWire Daily

N2K Networks, Inc.

Tech News, News, Daily News, Technology

4.8 • 1.1K Ratings

🗓️ 9 May 2026

⏱️ 24 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Mark Kelly, Staff Threat Researcher at Proofpoint, is discussing their work on "I’d come running back to EU again: TA416 resumes European government espionage campaigns." China-linked threat group TA416 has resumed large-scale phishing and malware campaigns targeting European governments, diplomatic missions tied to the EU and NATO, and more recently Middle Eastern entities following the outbreak of conflict in Iran. The group has continually evolved its tactics between mid-2025 and early 2026, using techniques like fake Cloudflare verification pages, Microsoft OAuth redirect abuse, and malicious C# project files to deliver customized PlugX malware through spearphishing campaigns. Researchers say the renewed activity reflects shifting geopolitical priorities tied to EU-China tensions, the Russia-Ukraine war, and instability in the Middle East, while highlighting TA416’s ongoing focus on intelligence gathering against diplomatic networks. The research and executive brief can be found here: I’d come running back to EU again: TA416 resumes European government espionage campaigns Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript

Click on a timestamp to play from that location

0:00.0	You're listening to the Cyberwire Network, powered by N2K.
0:11.3	And now a word from our sponsor, the Center for Cyber Health and Hazard Strategies, also known as
0:17.6	CHHS.
0:19.1	Looking for a graduate degree that will give you an edge on your professional career?
0:22.6	Earn a Master of Science in Law at University of Maryland Carey School of Law.
0:28.6	This part-time two-year online graduate degree program is designed for experienced
0:33.6	professionals to understand laws and policies that impact your industry.
0:38.8	Learn from CHS faculty, who are experts in their field.
0:43.0	No GRE required.
0:44.9	Learn how you can master the law without a JD at law.u-maryland.edu.
0:50.9	Thank you. E.DU. Hello, everyone, and welcome to the CyberWires Research Saturday.
1:05.0	I'm Dave Bittner, and this is our weekly conversation with researchers and analysts tracking down the threats and vulnerabilities,
1:12.9	solving some of the hard problems and protecting ourselves in a rapidly evolving cyberspace.
1:18.7	Thanks for joining us.
1:24.9	So, T-8416 is a China-aligned, espionized threat actor that ProofPoint has been kind of regularly
1:31.8	keeping track of for quite a while. The kind of impetus for this research is we did see
1:38.3	some pretty interesting activity from this red actor since around July of last year, where we saw a significant shift in their targeting,
1:47.1	and we've continued to see some interesting evolutions in their tactics over this period as well.
1:52.1	That's Mark Kelly, threat researcher at ProofPoint.
1:55.0	The research we're discussing today is titled,
1:57.7	I'd Come Running Back to EU Again.
2:00.3	TA416 resumes European government espionage campaigns.
	...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.