Quick Facts
- Category: Cybersecurity
- Published: 2026-05-05 01:40:44
Urgent: Tax-Themed Phishing Campaign Unleashes ABCDoor Malware on Government Entities
A China-linked cybercrime group known as Silver Fox has been identified as the perpetrator behind a sophisticated phishing campaign that delivers a new malware variant called ABCDoor. The operation specifically targets organizations in India and Russia, using emails that impersonate official tax authorities.

According to cybersecurity researchers who first detected the threat, the attacks began in December 2025 with emails mimicking India's Income Tax Department. A subsequent wave followed shortly after, aimed at Russian entities. "This is a highly targeted espionage campaign, not opportunistic crime," said Dr. Elena Vlasova, a threat intelligence analyst at CyberDefense Global. "The use of tax authority impersonation shows careful reconnaissance of government processes."
Background
Silver Fox is a well-known cybercrime group with suspected ties to Chinese state-sponsored hacking units. The group has previously targeted critical infrastructure and government agencies across Asia and Europe. Their latest tool, ABCDoor, is a remote access trojan (RAT) that allows attackers to exfiltrate sensitive data, install additional payloads, and maintain persistent access to infected systems.
The phishing emails contain malicious attachments or links that, when opened, execute the ABCDoor malware. The messages are crafted to appear as legitimate tax assessment notices, payment demands, or account verification requests. "The attackers exploited a sense of urgency and authority to trick recipients into clicking," noted Mikhail Orlov, a senior malware analyst at SecureTech Labs. "Both waves followed a nearly identical operational blueprint, suggesting a centralized command structure."
Technical Details of ABCDoor
ABCDoor operates by establishing encrypted communication with a command-and-control (C2) server. It can capture screenshots, log keystrokes, and steal credentials. The malware also features anti-analysis techniques to evade detection by antivirus software.
Researchers have linked the malware to Silver Fox through code similarities with tools the group used previously, but ABCDoor includes new obfuscation layers and modular capabilities. "This is an evolution of their arsenal," said Dr. Vlasova. "They are investing in bespoke malware to stay ahead of defenses."

What This Means
The campaign signals a significant escalation in Silver Fox's targeting scope and sophistication. The simultaneous attacks on India and Russia indicate a coordinated espionage operation rather than random cybercrime. Organizations in both countries should immediately review their email security protocols and conduct network scans for indicators of compromise.
Governments are urged to issue public warnings to their financial and administrative sectors. Furthermore, the use of tax-themed lures underscores the need for enhanced employee training on phishing recognition. "We expect copycat groups to adopt similar tactics," warned Orlov. "This is not a one-off; it's a harbinger of a new wave of targeted phishing."
Failure to act could result in loss of sensitive financial data, intellectual property, and government secrets. The cybersecurity community is calling for immediate information sharing between affected nations to disrupt Silver Fox's infrastructure.
Additional Recommendations
- Implement multi-factor authentication for email accounts.
- Deploy advanced threat detection systems capable of identifying ABCDoor signatures.
- Restart ongoing incident response drills, especially in tax and finance departments.
The full technical analysis of ABCDoor is expected to be published by CyberDefense Global next week. Meanwhile, any suspicious emails should be reported to national cyber security centers immediately.
This article will be updated as new information becomes available.