Silver Fox Deploys ABCDoor Malware via Tax Phishing in India and Russia
The China-based cybercrime group Silver Fox has launched a new campaign deploying ABCDoor malware, primarily targeting organizations in India and Russia. The Hacker News reports that the initial wave in December 2025 involved sophisticated phishing emails impersonating the Indian Income Tax Department. A subsequent, nearly identical campaign then targeted Russian entities.
This isn’t just opportunistic spam. Silver Fox is known for its persistent, financially motivated operations. The use of a new, custom backdoor like ABCDoor indicates a strategic investment in maintaining stealthy, long-term access to compromised networks. Their tactic of mimicking tax authorities is a classic social engineering play, highly effective due to the inherent urgency and perceived legitimacy of government communications.
For defenders, this highlights a critical problem: attackers are constantly refining their initial access vectors. Phishing remains the top vector for a reason. Silver Fox’s ability to tailor campaigns for different geographies with convincing lures means organizations need to move beyond generic awareness training. Assume your users will click. Focus on robust endpoint detection, network segmentation, and rapid incident response to contain the inevitable compromise.
What This Means For You
- If your organization operates in India or Russia, or has supply chain connections there, assume you are a target for Silver Fox.
- Immediately reinforce phishing defenses, paying close attention to email gateway rules and user education on tax-themed lures.
- Implement robust endpoint detection and response (EDR) to catch the ABCDoor malware if it bypasses initial filters.
- Audit network logs for unusual outbound connections from user workstations.
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| SilverFox-ABCMalware-2025 | Malware | ABCMalware |
| SilverFox-ABCMalware-2025 | Phishing | Tax-themed phishing emails mimicking Income Tax Department of India |
| SilverFox-ABCMalware-2025 | Threat Actor | Silver Fox (China-based cybercrime group) |
| SilverFox-ABCMalware-2025 | Targeted Region | India |
| SilverFox-ABCMalware-2025 | Targeted Region | Russia |