Silver Fox Targets Indian Tax Systems With ValleyRAT

Cybersecurity researchers in 2025 report that the APT group Silver Fox is conducting tax-themed phishing campaigns in India, impersonating the Income Tax Department to distribute ValleyRAT remote-access trojan. Campaigns use NSIS installers, DLL search-order hijacking, and modular payloads to gain persistence, exfiltrate data, and disable security tools. The activity threatens government and financial sectors and calls for stronger EDR, email gateways, and patching.
Key Points
- 1Deploys ValleyRAT via tax-themed phishing emails exploiting DLL hijacking and NSIS installers
- 2Attributed to China-linked APT, reflecting strategic espionage amid Sino-Indian tensions
- 3Mandates EDR, email gateways, patching, phishing training, and threat-intel sharing for mitigation
Scoring Rationale
Timely, actionable APT intelligence with multiple vendor corroboration; limited by regional focus and no novel technical breakthrough.
Sources
Public references used for this report.
Practice interview problems based on real data
1,625 SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems
