VERY IMPORTANT

The Chinese APT group Silver Fox has launched an SEO poisoning campaign targeting Chinese-speaking users, impersonating Microsoft Teams. The campaign uses a modified ValleyRAT loader with Cyrillic elements to mislead attribution. Silver Fox aims to conduct espionage and financial fraud, posing a significant threat due to its dual mission. The attack chain involves a fake Teams website, malicious ZIP files, and binary data retrieval from XML and JSON files. The malware exploits rundll32.exe for binary proxy execution and establishes C2 communication. Attribution to Silver Fox is based on overlapping infrastructure and links to previous campaigns. Organizations with global operations, especially in China, are advised to implement robust security measures and logging capabilities to defend against this evolving threat.