Back

Silver Fox Targets Japanese Firms with Spearphishing During Tax Season

Severity: High (Score: 69.5)

Sources: Cybersecuritynews, Gbhackers, Infosecurity-Magazine, Welivesecurity

Summary

The Silver Fox cyber threat group is conducting a targeted spearphishing campaign against Japanese businesses, particularly manufacturers, during the annual tax filing and corporate restructuring season. The attackers exploit the high volume of legitimate financial and HR communications, using emails that impersonate internal departments and executives. Common phishing lures include tax compliance violations and salary adjustments, which make employees more likely to trust and act on these messages. The campaign has been active since at least 2023 and has expanded from Chinese-speaking targets to include Japan and Southeast Asia. The malicious emails typically contain links or attachments that deploy ValleyRAT, a remote access trojan, allowing attackers to gain unauthorized access to systems. Silver Fox has a history of aligning its operations with regional business cycles, as similar phishing activity was observed in Japan last year. Organizations are advised to enhance employee awareness and verify all financial requests through separate communication channels. Key Points: • Silver Fox is targeting Japanese firms with tax-themed spearphishing emails. • The campaign exploits the busy tax season, increasing the likelihood of employee trust. • Malicious emails often contain links or attachments that deploy ValleyRAT malware.

Key Entities

  • Silver Fox (apt_group)
  • Silver Fox Intrusion Group (apt_group)
  • SwimSnake (apt_group)
  • Void Arachne (apt_group)
  • Malware (attack_type)
  • Phishing (attack_type)
  • Supply Chain Attack (attack_type)
  • AtlasCross RAT Malware Campaign (campaign)
  • Silver Fox Campaign (campaign)
  • Silver Fox Campaigns (campaign)
  • Silver Fox Tax Audit Phishing Campaign (campaign)
  • Tax Audit Phishing Campaign (campaign)
  • India (country)
  • Indonesia (country)
  • Japan (country)
  • Malaysia (country)
  • Philippines (country)
  • Cybersecurity (industry)
  • Finance (industry)
  • Financial (industry)
  • Gaming (industry)
  • Government (industry)
  • Education (company)
  • AtlasCross RAT (malware)
  • HoldingHands (malware)
  • Python Stealers (malware)
  • ValleyRat (malware)
  • T1003 - OS Credential Dumping (mitre_attack)
  • T1566.001 - Spearphishing Attachment (mitre_attack)
  • T1566.002 - Spearphishing Link (mitre_attack)
  • T1566 - Phishing (mitre_attack)
  • T1574 - Hijack Execution Flow (mitre_attack)
  • WhatsApp (platform)
  • Windows (platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed