The hacker group known as Silver Fox has been identified executing a deceptive operation aimed at impersonating a Russian hacking group while targeting Chinese organizations. This campaign, which began in November 2025, employs search engine optimization (SEO) techniques to mislead users into downloading malicious software disguised as a legitimate Microsoft Teams installer.
According to research from ReliaQuest, the campaign specifically targets Chinese-speaking users, including employees of Western firms in China, and features a modified version of the ValleyRAT malware. This malware is known for enabling remote access to compromised systems, allowing hackers to exfiltrate sensitive information and maintain persistent access.
The attack involves redirecting users to a counterfeit website that presents an option to download Microsoft Teams. However, the actual file, "MSTчamsSetup.zip," contains a trojanized "Setup.exe" file disguised as Microsoft Teams. This malicious file is designed to evade detection by modifying security settings and executing hidden commands.
Once executed, the malware creates several additional files in the system that facilitate the hacker’s long-term access. It connects to an external server to retrieve further payloads, enhancing the attacker’s control over the compromised system.
The researcher Hayden Evans indicated that the operation is likely financially motivated, aiming to gain through theft, scams, and potential geopolitical intelligence gathering. The implications for victims include severe risks such as data breaches and financial losses, while Silver Fox manages to operate under the veil of plausible deniability.
In addition to the ongoing deception with Microsoft Teams, another wave of ValleyRAT attacks has been reported, characterized by using a trojanized Telegram installer in a multi-stage infection process. These complex strategies display how threat actors adapt and evolve tactics, exploiting various platforms to deliver malware while obstructing detection measures.
Overall, the revelation highlights the ongoing threats posed by sophisticated hacking groups like Silver Fox, and the importance for organizations to remain vigilant against such evolving cyber threats.
Welcome to DediRock, your trusted partner in high-performance hosting solutions. At DediRock, we specialize in providing dedicated servers, VPS hosting, and cloud services tailored to meet the unique needs of businesses and individuals alike. Our mission is to deliver reliable, scalable, and secure hosting solutions that empower our clients to achieve their digital goals. With a commitment to exceptional customer support, cutting-edge technology, and robust infrastructure, DediRock stands out as a leader in the hosting industry. Join us and experience the difference that dedicated service and unwavering reliability can make for your online presence. Launch our website.