DEV Community

Mark0

Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India

Researchers have identified a significant expansion in the activities of the Silver Fox threat group, which is currently targeting organizations in India and Russia with tax-themed phishing campaigns. The attack chain utilizes a modified version of the open-source RustSL loader to deliver the ValleyRAT backdoor. These campaigns employ sophisticated techniques, including steganography-like unpacking logic and geofencing to ensure payloads only execute in specific geographic regions.

The investigation also uncovered "ABCDoor," a previously undocumented Python-based backdoor utilized by Silver Fox since late 2024. ABCDoor features modular capabilities for remote control, file management, and screen broadcasting via FFmpeg. By leveraging legitimate environments like Python and masking activities within directories associated with software like Tailscale, the group demonstrates a high level of technical adaptability and persistence in its operations across the industrial, retail, and transportation sectors.

