By Priya
Publication Date: 2025-12-09 13:51:00
A new campaign by the Chinese state-linked advanced persistent threat (APT) group Silver Fox (also known as Void Arachne) has been uncovered, using search engine optimization (SEO) poisoning to distribute fake Microsoft Teams installers targeting Chinese-speaking users.
According to a ReliaQuest analysis, the threat actors have incorporated Cyrillic characters in filenames and user interfaces to mislead investigators into attributing the attack to Russian threat groups.
Active since November 2025, the ongoing operation deploys a modified version of ValleyRAT, a remote access trojan (RAT) commonly associated with Chinese APT activity.
The attackers’ objectives are twofold: gathering sensitive intelligence through espionage and committing financial fraud to fund future operations.
Fake Microsoft Teams Campaign
The campaign lures victims via SEO-manipulated pages that masquerade as genuine Microsoft Teams download sites.
The malicious domain…
