Silver Fox Deploys ABCDoor Malware in Phishing Campaign Targeting Russia and India

The China-based cybercrime group Silver Fox (also known as Monarch, SwimSnake, The Great Thief of Valley, UTG-Q-1000, and Void Arachne) has deployed a new malware strain called ABCDoor in a campaign targeting organizations in Russia and India. The attack leveraged phishing emails impersonating the Income Tax Department of India, with activity observed in December 2025. No specific technical details about ABCDoor’s functionality or impact were disclosed in the reported findings. The campaign highlights the group’s continued focus on tax-themed social engineering to compromise targets.