# Chinese group TA4922 deploys Atlas RAT in European cyberattacks

_Wednesday, June 3, 2026 at 8:01 PM EDT · Cybersecurity · Latest · Tier 2 — Notable_

A Chinese-speaking cybercrime group tracked as TA4922 has expanded operations to Europe.

The actor has targeted organizations in Germany, Italy, the United Kingdom, and South Africa since March. It uses phishing lures impersonating payroll, tax, and government notices.

TA4922 deployed Atlas RAT, which supports file theft, keylogging, screenshot capture, and audio and webcam recording. The group also used RomulusLoader, SilentRunLoader, and Winos4.0 malware.

Proofpoint reports TA4922 conducts more unique campaigns than any other tracked cybercrime actor. Malware capabilities include potential surveillance features that could be sold to espionage groups.

## Sources


---
Canonical: https://techandbusiness.org/newswire/editor-9401617
Retrieved: 2026-06-04T02:39:28.081Z
Publisher: Tech & Business (techandbusiness.org)