Sekoia.ioMar 25
#SilverFox is a China-based intrusion set operating on a unique "dual-track" model. While often tracked for their APT-style espionage, our telemetry shows they continuously run broad, opportunistic cybercrime campaigns targeting entities across South Asia. https://buff.ly/KPXIytD
Show threadSekoia.ioMar 25
In this deep-dive analysis, our Threat Detection & Research (#TDR) team unmasks their massive 2025-2026 campaign and rapidly evolving infection chains.
Show threadSekoia.ioMar 25
Key findings:
🎣 Deceptive Lures: Consistently impersonates national taxation authorities or uses fake payroll documents to trick victims into executing payloads.
🌊 3-Wave Arsenal Evolution: Between 2025 and 2026, their attack chains shifted significantly to evade detection.
Show threadSekoia.io
🛠️ RMM Abuse: Transitioned from deploying ValleyRAT via malicious PDFs to abusing Chinese RMM tools.
🐍 Custom Payloads: Recently observed dropping a custom Python-based stealer embedded in a Python installer.
Mar 25 at 8:15amWeb
Show threadSekoia.ioMar 25
Agile and persistent, Silver Fox successfully blends into the noise of traditional cybercrime while maintaining the capacity for advanced intelligence collection.