Tax-themed phishing campaign targeting Indian users with persistent access payloads

Campaign
Happening score: 34
1 unique source, 1 article

Summary

An ongoing tax-themed phishing campaign is targeting Indian users with a multi-stage backdoor, creating persistent access for continuous monitoring and data exfiltration. The operation uses fake Income Tax Department of India notices, making the lure relevant and increasing the likelihood of successful compromise.

Related Happenings

Silver Fox tax-themed phishing campaign delivering ABCDoor and ValleyRAT

Campaign
First: 04.05.2026 14:57 Last: 04.05.2026 14:57 Sources 1

About this happening: **Silver Fox** is running a **tax-themed phishing campaign** that now targets **India** with **Income Tax Department** lures and delivers **ValleyRAT (aka Winos 4.0)**. The campai...

Blackmoon (KRBanker) malware variant deployed via DLL sideloading and staged payloads

Malware Activity
First: 26.01.2026 19:01 Last: 26.01.2026 19:01 Sources 1

How related: This is achieved by means of a DLL that's assessed to be a variant of the Blackmoon malware family, which is known for targeting businesses in South Korea, the U.S., and Canada.

About this happening: A **Blackmoon (KRBanker)** malware variant is being deployed through **DLL sideloading** and staged payload delivery, giving operators persistent control over compromised hosts an...

Multi-stage phishing campaign targeting users in Russia with Amnesia RAT and ransomware

Campaign
First: 24.01.2026 13:09 Last: 24.01.2026 13:09 Sources 1

About this happening: A **multi-stage phishing campaign** is targeting **users in Russia**, delivering **Amnesia RAT** and **ransomware** that enable **credential theft**, **remote control**, and destr...

eSentire-observed account compromise surged 389% in 2025

Target Trend
First: 16.01.2026 13:40 Last: 16.01.2026 13:40 Sources 1

About this happening: **Account compromise** surged **389% year over year** in **2025**, making it the dominant observed attack pattern and increasing **credential theft** and **account takeover** risk...

Timeline

  1. 26.01.2026 19:01 2 articles · 4mo ago

    Tax-themed phishing campaign targets Indian users with multi-stage backdoor

    Initial Disclosure

    Phishing emails impersonating the Income Tax Department of India lure Indian users into opening a malicious archive. The archive installs a multi-stage backdoor chain that uses DLL sideloading, a COM-based User Account Control (UAC) bypass, and PEB masquerading as explorer.exe, then fetches a next-stage payload from eaxwwyr[.]cn. The operation is assessed to provide persistent access for continuous monitoring and data exfiltration, and to deploy Blackmoon (aka KRBanker) alongside SyncFuture TSM for remote control, logging, and security-software evasion. The activity has not been attributed to any known threat actor or group.
