Chinese Hackers Hijack European Networks for Espionage

Ink Dragon Compromised IIS Networks to Relay ShadowPad Malware Akshaya Asokan (asokan_akshaya) • December 17, 2025

A Chinese hacking group is using compromised European government networks as relay nodes to route commands and support other hacking operations.

See Also: Going Beyond the Copilot Pilot - A CISO's Perspective

Security firm Check Point attributed the campaign to a Chinese cyberespionage group it tracks as "Ink Dragon." The latest campaign is the first time the group has been observed targeting European networks. Previously, it mainly targeted victims in Asia and South America.

A key aspect of Ink Dragon's tradecraft, the firm said, is its use of compromised organizations for command and control. "As a result, we have observed European victims being leveraged to launch activity not only against additional European institutions, but also against targets in Africa and Southeast Asia."

The campaign began with attackers exploiting flaws in web-facing ...