Silver Fox intensifies its attacks: the new ABCDoor malware and phishing
The Silver Fox group is deploying the ABCDoor malware through tax-themed phishing campaigns targeting organizations in India and Russia.

The rise of Silver Fox and the threat of ABCDoor
The global cybersecurity landscape is facing a new threat from the Chinese-based cybercrime group known as Silver Fox. Recently, a sophisticated campaign has been detected using a new malware called ABCDoor to compromise the infrastructure of various organizations, with a strong geographic focus on India and Russia.
This group has demonstrated remarkable technical adaptability, using social engineering tactics to evade traditional defenses. Unlike other groups that seek massive ransomware deployment, Silver Fox appears to prioritize persistent access and the exfiltration of sensitive data.
Phishing as the primary attack vector
The strategy used by Silver Fox is based on deception through impersonation emails. In December 2025, the group launched a wave of messages mimicking official communications from the Income Tax Department of India. Shortly after, they replicated an almost identical tactic targeting Russian entities.
"Both waves followed a nearly identical methodology, demonstrating an operational standardization that facilitates the scalability of the attack," security experts note.
These types of campaigns underscore the importance of remaining alert to phishing, a vector that remains the favorite entry point for exploiting any human or technical vulnerability in companies.
How to protect yourself against these campaigns?
The sophistication of ABCDoor reminds us that no system is impenetrable. Prevention involves not only patching software but also implementing robust security layers:
- Staff training: Train employees to identify suspicious emails that mimic government agencies.
- Network monitoring: Detect unusual connections to command and control (C2) servers.
- Patch management: Keeping systems updated is vital, especially when threats emerge, such as the recent CISA alert on a critical Linux vulnerability under active exploitation.
In conclusion, the hack perpetrated by Silver Fox is a reminder that attackers are constantly refining their methods. The combination of custom malware and sector-specific phishing campaigns requires organizations to adopt a proactive, zero-trust security approach.
Related articles
11 de julio de 2026
Condemna històrica: membre de la banda Ryuk ransomware admet la seva culpabilitat
Un ciutadà armeni es declara culpable als EUA pel desplegament de ransomware Ryuk, afrontant una possible sentència de 15 anys de presó.
11 de julio de 2026
Historic Conviction: Ryuk Ransomware Gang Member Admits Guilt
An Armenian national pleads guilty in the U.S. for deploying Ryuk ransomware and faces a potential 15-year prison sentence.
11 de julio de 2026
Condena histórica: miembro de la banda Ryuk ransomware admite su culpa
Un ciudadano armenio se declara culpable en EE. UU. por el despliegue de ransomware Ryuk, enfrentando una posible sentencia de 15 años de prisión.
10 de julio de 2026
Hackers exploten Microsoft Entra: Nova vulnerabilitat en passkeys
Un grup d'actors maliciosos utilitza enginyeria social per comprometre comptes de Microsoft 365 mitjançant falsos registres de passkeys a Entra.
Loading comments...