
European-Chinese geopolitical issues drive renewed cyberespionage campaign

1 April 2026 at 10:31

A Chinese cyberespionage group has shifted its gaze back to Europe after years of focusing on other parts of the world, Proofpoint research published Wednesday found.

The surge began in mid-2025, with a bevy of issues bubbling up between China and Europe, the company said. Proofpoint labels the government-linked group TA416, but other companies track it as Twill Typhoon, Mustang Panda or other names.

“This renewed focus most heavily targeted individuals or mailboxes associated with diplomatic missions and delegations to NATO and the EU,” Proofpoint’s Mark Kelly and Georgi Mladenov wrote. “TA416’s return to European government targeting occurred during heightened EU–China tensions over trade, the Russia–Ukraine war, and rare earths exports, and commenced immediately following the 25th EU–China summit.”

Separately, the same group took up targeting the Middle East in March after the start of the conflict in Iran, something it had never been spotted doing before, Proofpoint found.

“This aligns with a trend observed by Proofpoint of some state-aligned threat actors shifting targeting toward Middle Eastern government and diplomatic entities in the aftermath of the war,” the firm said. “This likely reflects an effort to gather regional intelligence on the status, trajectory, and broader geopolitical implications of the conflict.”

TA416 was active in Europe in 2022 and 2023, coinciding with the onset of the Ukraine-Russia war, but stepped away from the continent afterward, according to the researchers. Its focus turned to Southeast Asia, Taiwan and Mongolia for a couple of years.

The group’s focus on Europe through early 2026 used a variety of web bug and malware delivery methods, including setting up reconnaissance by dangling lures about Europe sending troops to Greenland. It also included phishing emails about humanitarian concerns, interview requests and collaboration proposals, Proofpoint said.

“During this period, TA416 repeatedly altered its initial infection chains while maintaining a consistent goal of loading the group’s customized PlugX backdoor via DLL sideloading triads,” the researchers wrote.

Proofpoint’s is not the only report of late about Chinese cyberespionage groups targeting Europe, with another focused on LinkedIn solicitations to NATO and European institutions.

The post European-Chinese geopolitical issues drive renewed cyberespionage campaign appeared first on CyberScoop.

Taiwan blames Chinese ‘cyber army’ for rise in millions of daily intrusion attempts

7 January 2026 at 11:57

Taiwan endured a year-long intensified cyber offensive from China in 2025 that targeted the government and critical infrastructure, with an increasing focus on the energy and hospital sectors, according to a Taiwan government analysis published this week.

Cyberattacks from China rose 6% compared to 2024, the National Security Bureau analysis concluded. Every major sector saw intrusion attempts from “China’s cyber army,” with 2.63 million intrusion attempts per day.

The attacks ranged from ransomware attacks attempting to steal data from hospitals and sell it on the dark web, to more politically oriented missions.

“China’s cyberattacks have been conducted in conjunction with political and military coercive actions,” the bureau wrote. “In 2025, relevant hacking and intrusion operations against Taiwan demonstrated a certain extent of correlation with the joint combat readiness patrols carried out by the People’s Liberation Army. In addition, China would ramp up hacking activities during Taiwan’s major ceremonies, the issuances of important government statements, or overseas visits by high-level Taiwanese officials.”

Beijing considers Taiwan its territory, and U.S. military officials have for years warned of a possible pending Chinese invasion of the island, with predictions that 2027 could be the pivotal year.

China deployed a variety of hacking techniques in 2025, but exploitation of software and hardware vulnerabilities factored into more than half of the operations, according to Taiwan.

Last year’s revelations about Chinese infiltration of major telecommunications providers extended into Taiwan, with hackers targeting telecom networks there to get into sensitive and backup communications links, the bureau wrote. 

“The hacking activities were also extended to upstream, midstream, and downstream suppliers in the semiconductor and defense sectors,” the bureau said. “Those campaigns sought to steal advanced technologies, industrial plans, and decision-making intelligence.”

The U.S. government should fortify Taiwan against China’s cyber-enabled economic warfare (CEEW), Jack Burnham, a senior research analyst in the China Program at the Foundation for Defense of Democracies, wrote in response to the Taiwan report.

“As Beijing continues to target Taiwan across the cyber domain, the United States should prepare to counter a Chinese CEEW campaign aimed at Taipei,” he wrote. “Washington should strengthen its efforts to work against a potential blockade by practicing convoy operations, pursuing a regional energy stockpile, assisting in strengthening the resilience of Taiwan’s critical infrastructure by deploying technical advisors, and signaling its resolve to deter Beijing well in advance of a potential crisis.”

China routinely denies all hacking allegations, and has leveled its own accusations of hacking malfeasance at Taiwan.

The post Taiwan blames Chinese ‘cyber army’ for rise in millions of daily intrusion attempts appeared first on CyberScoop.
