Find notable cyber news and cases, enriched with sources, timelines, and signals.

Silver Fox Microsoft Teams SEO poisoning campaign

Campaign
First reported
Last updated
Happening score
H score 32
1 unique sources, 1 articles

Summary

Hide ▲

The Silver Fox operation is using SEO poisoning and Microsoft Teams lures to deliver ValleyRAT to Chinese-speaking users in China, making the campaign an active access and persistence threat. The activity has been running since November 2025 and uses a fake Teams download path to trick users into installing malware. The false-flag setup also uses Cyrillic elements to complicate attribution and obscure the operator's identity. Successful infections can enable remote control, data theft, and long-term persistence inside targeted networks.

Related Happenings

Y2K Operators Millenium RAT social-engineering distribution campaign

Campaign
H score73 First: 29.06.2026 17:30 Last: 29.06.2026 17:30 Sources 1

About this happening: The **Y2K Operators** are running a **social-engineering distribution campaign** that spreads **Millenium RAT** through **booby-trapped downloads**, exposing users to remote compr...

KongTuke ClickFix and Teams access-seeking campaign

Campaign
H score33 First: 25.06.2026 11:54 Last: 25.06.2026 11:54 Sources 1

About this happening: The **KongTuke** operation is using **ClickFix** lures and **Microsoft Teams** messages to widen access-seeking attacks against **multiple organizations**, increasing the risk of...

TA4922 expanded European phishing-and-malware campaign

Campaign
H score40 First: 04.06.2026 00:45 Last: 04.06.2026 00:45 Sources 1

About this happening: **TA4922** is a **China-linked** cybercrime campaign that has expanded from **East Asia** into **Europe and Africa**, including **the U.K., Germany, Italy, and South Africa**. The...

Silver Fox tax-themed phishing campaign delivering ABCDoor and ValleyRAT

Campaign
H score36 First: 04.05.2026 14:57 Last: 04.05.2026 14:57 Sources 1

About this happening: **Silver Fox** is running a **tax-themed phishing campaign** that now targets **India** with **Income Tax Department** lures and delivers **ValleyRAT (aka Winos 4.0)**. The campai...

Silver Fox South Asia phishing campaign

Campaign
H score34 First: 24.03.2026 18:00 Last: 24.03.2026 18:00 Sources 1

About this happening: The **Silver Fox** campaign now includes **BYOVD** abuse of a previously unknown **WatchDog Anti-malware** driver, **amsdk.sys (version 1.0.600)**, to disable security tools on co...

Timeline

  1. 04.12.2025 19:25 2 articles · 7mo ago

    Silver Fox Microsoft Teams SEO poisoning campaign delivers ValleyRAT in China

    Initial Disclosure

    Silver Fox is running a false-flag SEO poisoning campaign against organizations in China and Chinese-speaking users inside Western organizations operating in China, using bogus Microsoft Teams download pages to deliver ValleyRAT (Winos 4.0). The chain retrieves MSTчamsSetup.zip from an Alibaba Cloud URL, drops a trojanized Setup.exe, sets Microsoft Defender Antivirus exclusions, stages files such as Profiler.json and GPUCache.xml, injects the malware into rundll32.exe, and fetches a final payload for remote control. The activity has been underway since November 2025 and uses Cyrillic elements to complicate attribution.

    Show sources