A sophisticated cyber-espionage campaign targeting Chinese organizations uses SEO poisoning and Russian false flags to mislead investigators. The attackers employ malware like ValleyRAT to steal sensitive information and conduct financial theft. #SilverFox #ValleyRAT
Key points
- The Silver Fox APT group has been running a campaign against Chinese-speaking users since November 2025.
- The attack relies on SEO poisoning using typo-squatted domains like teamscn[.]com to redirect victims.
- The malicious ZIP file named МЅТчатѕSetup.zip contains a Russian-language executable to mislead attribution.
- ValleyRAT malware is deployed to conduct espionage and financial theft against victims.
- Indicators such as Cyrillic characters in filenames and Russian-language strings are deliberate false flags intended to confuse attribution.