In March 2022, Chinese state-affiliated threat actors targeted European diplomatic institutions with phishing emails related to the ongoing Russia-Ukraine crisis. Google and cybersecurity firm Proofpoint identified Mustang Panda and RedDelta — two interrelated cyber threat actors backed by the Chinese state —as the senders of phishing emails. RedDelta used a hacked email address of a diplomat from a European NATO member state to send such phishing emails to other countries’ diplomatic offices. These emails were embedded with tracking pixels and contained an attached malicious zip file entitled “Situation at the EU borders with Ukraine.zip.” The zip file’s name sought to capitalize on the anticipated refugee crisis driven by the ongoing Russia-Ukraine conflict. If opened, the zip file downloaded additional files while the tracking pixels signaled to the hackers that the user had opened the email and was more susceptible to future attack.