
European-Chinese geopolitical issues drive renewed cyberespionage campaign

1 April 2026 at 10:31

A Chinese cyberespionage group has shifted its gaze back to Europe after years of focusing on other parts of the world, Proofpoint research published Wednesday found.

The surge began in mid-2025, with a bevy of issues bubbling up between China and Europe, the company said. Proofpoint labels the government-linked group TA416, but other companies track it as Twill Typhoon, Mustang Panda or other names.

“This renewed focus most heavily targeted individuals or mailboxes associated with diplomatic missions and delegations to NATO and the EU,” Proofpoint’s Mark Kelly and Georgi Mladenov wrote. “TA416’s return to European government targeting occurred during heightened EU–China tensions over trade, the Russia–Ukraine war, and rare earths exports, and commenced immediately following the 25th EU–China summit.”

Separately, the same group took up targeting the Middle East in March after the start of the conflict in Iran, something it had never been spotted doing before, Proofpoint found.

“This aligns with a trend observed by Proofpoint of some state-aligned threat actors shifting targeting toward Middle Eastern government and diplomatic entities in the aftermath of the war,” the firm said. “This likely reflects an effort to gather regional intelligence on the status, trajectory, and broader geopolitical implications of the conflict.”

TA416 was active in Europe in 2022 and 2023, coinciding with the onset of the Ukraine-Russia war, but stepped away from the continent afterward, according to the researchers. Its focus turned to Southeast Asia, Taiwan and Mongolia for a couple of years.

The group’s focus on Europe through early 2026 used a variety of web bug and malware delivery methods, including setting up reconnaissance by dangling lures about Europe sending troops to Greenland. It also included phishing emails about humanitarian concerns, interview requests and collaboration proposals, Proofpoint said.

“During this period, TA416 repeatedly altered its initial infection chains while maintaining a consistent goal of loading the group’s customized PlugX backdoor via DLL sideloading triads,” the researchers wrote.

Proofpoint’s is not the only report of late about Chinese cyberespionage groups targeting Europe, with another focused on LinkedIn solicitations to NATO and European institutions.

The post European-Chinese geopolitical issues drive renewed cyberespionage campaign appeared first on CyberScoop.

Project Compass is Europol’s new playbook for taking on The Com

26 February 2026 at 16:21

A global law enforcement effort has taken root to combat The Com, a sprawling nihilistic network of thousands of minors and young adults engaged in various forms of cybercrime, including physical violence and extortion.

Project Compass, an operation coordinated by Europol with support from 28 countries, including all members of the Five Eyes, has resulted in the arrest of 30 perpetrators since the initiative got underway in January 2025, authorities said in a news release Thursday. 

Officials said sustained countermeasures have contributed to the full and partial identification of 179 perpetrators, while the operation has also safeguarded four victims and identified up to 62 victims. 

The Com is splintered into three primary subsets with different objectives the FBI describes as Hacker Com, In Real Life Com and Extortion Com. Crimes attributed to group members have grown increasingly complex, with perpetrators going to great lengths to mask identities, hide financial transactions and launder money. 

“These networks deliberately target children in the digital spaces where they feel most at ease,” Anna Sjöberg, head of Europol’s European Counter Terrorism Centre, said in a statement.

Various branches of The Com have been linked to high-profile crimes over the past few years, and law enforcement has responded with heightened activity and interest in the group’s activities. 

The Com is vast — many perpetrators remain at large and even more victims are still suffering and awaiting aid. 

This growing global effort to thwart shifting crime trends with appropriate resources has built a foundation that will foster results beyond those achieved to date, said Allison Nixon, chief research officer at Unit 221B.

“How do you eat an elephant? One bite at a time,” she told CyberScoop. “The Com represents a major social problem impacting youth, and peoples’ expectations need to be realistic. These early numbers and ramping up effort over time is what success looks like and we need to encourage that.”

An effective police response to The Com requires a different way of thinking and retooling, “but it is more solvable than crime originating from hostile nations,” Nixon said.

Project Compass is built around an information-sharing network, which enables each of the partner nations to assist with investigations across various specialized units. Countries are also sharing advice for preventative measures and mobilizing data sprints to bring intelligence together for ongoing cases.

“Project Compass allows us to intervene earlier, safeguard victims and disrupt those who exploit vulnerability for extremist purposes,” Sjöberg said. “No country can address this threat alone — and through this cooperation, we are closing the gaps they try to hide in.”

Europol did not identify the 30 people arrested under Project Compass thus far. Yet, at least some of those cases are public. 

Authorities during the past year have arrested multiple members of a Com offshoot known as 764, a growing online threat that coerces vulnerable children to produce child sexual abuse material of themselves, gore material, self-mutilation, sibling abuse, animal abuse and other acts of violence.

Two alleged leaders of 764, Leonidas Varagiannis and Prasan Nepal, were arrested and charged for directing and distributing CSAM in April.

Tony Christopher Long and Alexis Aldair Chavez both pleaded guilty late last year to multiple crimes linked to their involvement with the extremist group. Other alleged 764 members have been arrested in the United States more recently, including Erik Lee Madison and Aaron Corey.

The post Project Compass is Europol’s new playbook for taking on The Com appeared first on CyberScoop.

Active - Virtual Machines and dependent services - Service management issues in multiple regions

2 February 2026 at 14:46

Impact statement: As early as 19:46 UTC on 2 February 2026, we became aware of an issue causing customers to receive error notifications when performing service management operations - such as create, delete, update, scaling, start, stop - for Virtual Machines (VMs) affecting multiple regions. These issues are also impacting services with dependencies on these service management operations - including Azure Arc Enabled Servers, Azure Batch, Azure Cache for Redis, Azure Container Apps, Azure DevOps (ADO), Azure Kubernetes Service (AKS), Azure Backup, Azure Load Testing, Azure Firewall, Azure Search, Azure Virtual Machine Scale Sets (VMSS), GitHub (see https://www.githubstatus.com).

Current status: We determined that these issues were caused by a recent configuration change that affected public access to certain Microsoft‑managed storage accounts, used to host extension packages. We have applied our mitigation across all impacted regions and have performed validation checks to ensure that all affected resources have had their configurations updated. At this stage, customers should see signs of recovery across regions. We are currently monitoring downstream services for any further impact. Our next update will be provided by 08:00 UTC, approximately 2 hours from now, or sooner if we have progress to share.

Ukrainian national pleads guilty to Nefilim ransomware attacks

19 December 2025 at 17:53

Artem Aleksandrovych Stryzhak, a 35-year-old Ukrainian national, pleaded guilty Friday to multiple crimes stemming from his involvement in a string of ransomware attacks targeting U.S. and Europe-based organizations from mid-2018 to late 2021. He faces up to 10 years in jail for conspiracy to commit fraud, including extortion.

Stryzhak was arrested in Spain in June 2024 and extradited to the United States in April. Authorities are still looking for his alleged co-conspirator Volodymyr Tymoshchuk and announced an $11 million reward for information leading to his arrest or conviction.

“The defendant used Nefilim ransomware to target high-revenue companies in the United States, steal data and extort victims,” Joseph Nocella, U.S. attorney for the Eastern District of New York, said in a statement.

“We remain determined to capture Stryzhak’s codefendant and partner in crime, Volodymyr Tymoshchuk, and bring him to justice in a U.S. courtroom,” Nocella added. Officials accuse Tymoshchuk of acting as an administrator of the Nefilim ransomware group and described him as a serial cybercriminal associated with multiple ransomware strains.

Attacks involving Nefilim ransomware caused millions of dollars in losses from extortion payments and damage to victim networks, officials said. Stryzhak and his co-conspirators allegedly customized executable ransomware files for each victim, creating unique decryption keys and unique ransom notes. 

The ransomware group primarily targeted companies located in the United States, Canada and Australia with more than $100 million in annual revenue, and extorted victims by threatening to publish stolen data. The crew researched companies after they broke into their networks to determine their net worth, size and contact information.

Stryzhak’s victims in the U.S. include an engineering consulting company based in France, an aviation industry company in New York, a chemical company in Ohio, an insurance company in Illinois, a company in the construction industry in Texas, a pet care company in Missouri, an international eyewear company and a company in the oil and gas transportation industry. 

Stryzhak and his co-conspirators also used Nefilim ransomware to encrypt victim networks in Germany, the Netherlands, Norway and Switzerland, prosecutors said. 

Officials said Stryzhak’s crimes began when he gained access to the Nefilim ransomware code in June 2021 in exchange for 20% of his ransom proceeds.

“Cybercriminals may hide behind screens, but they leave digital footprints everywhere,” Christopher Johnson, special agent in charge of the FBI’s field office in Springfield, Illinois, said in a statement. 

“The FBI follows these digital trails relentlessly — across networks, borders, and time — until those responsible are held accountable,” Johnson added. “Today is a remarkable accomplishment, but we will not stop until we have captured all those responsible for the Nefilim ransomware.”

The post Ukrainian national pleads guilty to Nefilim ransomware attacks appeared first on CyberScoop.
