At least since 2023, Silver Fox has been around. At first, the group only went after people who spoke Chinese. Then they moved into Southeast Asia, Japan, and maybe even North America.
This new attack on Japan is part of a pattern that has been seen at this time of year for the past few years. Before attacking, the attackers do reconnaissance on each target and get real employee names and even the names of CEOs to use as fake senders. The subject line of each email has the name of the target company right in it, which makes the message seem like a real internal notification. The emails have either harmful attachments or links that take victims to pages where they are told to download a file.
Once ValleyRAT is installed, the attacker can control the compromised system from anywhere.
This lets them steal private information, watch what users do, and get deeper into the network to set up the next stage of the attack. The infection chain for this campaign is simple but works well. WeLiveSecurity researchers said that employees should check any email about changes to their pay, tax penalties, or personnel updates through a different channel.
People who get emails should also check to see if the sender's email address matches the name that is shown. This is a common sign of spoofing. Organizations should also keep their security software up to date and report any suspicious emails to the IT or security team right away, even if the email looks normal at first.
To learn more about the Silver Fox campaign and how to keep your business safe from fake emails, click here. If you need private help, you can call the Samaritans at 08457 90 90 90 or go to a local branch. For more information, go to www.samaritans.org.
If you're in the U.S., you can call the National Suicide Prevention Lifeline at 1-800-273-8255 or go to http://www.suicidepreventionlifeline.org/.
