By The Hacker News
Publication Date: 2025-12-04 17:25:00
The threat actor known as Silver Fox has been spotted orchestrating a false flag operation to mimic a Russian threat group in attacks targeting organizations in China.
The search engine optimization (SEO) poisoning campaign leverages Microsoft Teams lures to trick unsuspecting users into downloading a malicious setup file that leads to the deployment of ValleyRAT (Winos 4.0), a known malware associated with the Chinese cybercrime group. The activity has been underway since November 2025.
“This campaign targets Chinese-speaking users, including those within Western organizations operating in China, using a modified ‘ValleyRAT’ loader containing Cyrillic elements – likely an intentional move to mislead attribution,” ReliaQuest researcher Hayden Evans said in a report shared with The Hacker News.
ValleyRAT, a variant of Gh0st RAT, allows threat actors to remotely control infected systems, exfiltrate sensitive data, execute arbitrary commands, and maintain long-term persistence…
