Chinese APT group Silver Fox has launched a tax-themed phishing campaign targeting organizations in India and Russia, delivering over 1,600 malicious emails impersonating tax authorities. The attacks deploy a previously undocumented Python backdoor called ABCDoor alongside the known ValleyRAT malware and a customized Rust-based loader. ABCDoor establishes persistence via Windows Registry Run keys, communicates over HTTPS using Socket.IO, and supports screen streaming, remote control, clipboard theft, and file operations while hiding under a legitimate pythonw.exe process. The campaign marks a geographic expansion for Silver Fox, which typically targets Taiwan, North America, and Japan. Security experts recommend an 'assume breach' posture combined with email filtering, endpoint detection, least-privilege access, and continuous attack surface visibility.
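The persistence pattern described above (a Registry Run value that starts `pythonw.exe`) can be hunted in registry telemetry. The following is an added example, not code from the article or from the researchers it cites; it assumes Sysmon Event ID 13 records exported as dictionaries with `TargetObject` and `Details` fields, and the sample events and scoring weights are constructed for illustration.

```python
import re

# Autostart locations: per-user and machine-wide Run / RunOnce values.
RUN_KEY = re.compile(
    r"\\Software\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\[^\\]+$",
    re.I)
# pythonw(.exe) as a whole file name anywhere in the command line.
PYTHONW = re.compile(r"(?:^|[\\/\s\"])pythonw(?:\.exe)?(?=[\s\"]|$)", re.I)
# Assumed heuristic: directories a standard user can write to.
USER_WRITABLE = re.compile(r"\\(?:AppData|ProgramData|Users\\Public|Temp)\\", re.I)

def score_event(ev):
    """Score one Sysmon Event ID 13 (registry value set) record; 0 means ignore."""
    if ev.get("EventID") != 13 or not RUN_KEY.search(ev.get("TargetObject", "")):
        return 0, []
    cmd = ev.get("Details", "")
    if not PYTHONW.search(cmd):
        return 0, []
    score, reasons = 2, ["Run value starts windowless Python interpreter"]
    if USER_WRITABLE.search(cmd):
        score += 1
        reasons.append("interpreter or script lives in a user-writable path")
    return score, reasons

def hunt(events):
    """Return (score, registry value, reasons) for suspicious events, highest first."""
    hits = []
    for ev in events:
        score, reasons = score_event(ev)
        if score:
            hits.append((score, ev["TargetObject"], reasons))
    return sorted(hits, key=lambda h: -h[0])

# Constructed sample events (not taken from the campaign).
SAMPLE_EVENTS = [
    {"EventID": 13, "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r'"C:\Users\a\AppData\Local\upd\pythonw.exe" "C:\Users\a\AppData\Roaming\upd\main.pyw"'},
    {"EventID": 13, "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background'},
    {"EventID": 13, "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Tray",
     "Details": r'"C:\Program Files\Python312\pythonw.exe" "C:\Program Files\Tray\tray.pyw"'},
    {"EventID": 13, "TargetObject": r"HKLM\SOFTWARE\Classes\Python.NoConFile\shell\open\command\(Default)",
     "Details": r'"C:\Windows\pythonw.exe" "%L" %*'},
]

if __name__ == "__main__":
    for score, key, reasons in hunt(SAMPLE_EVENTS):
        print(score, key, "; ".join(reasons))
```

A score of 2 still warrants review, because legitimate software rarely registers `pythonw.exe` for autostart; the user-writable path only raises priority.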