VulnHub

Real-time Cybersecurity News

Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India

Securelist
Actively Exploited
Malware

Overview

The Silver Fox group is actively targeting organizations in Russia and India by impersonating tax authorities. They are distributing two types of malware: ValleyRAT and the newly identified ABCDoor backdoor. This tactic not only exploits trust in governmental entities but also poses significant risks to sensitive data and organizational operations. The use of these backdoors can allow attackers to gain unauthorized access to networks, potentially leading to data breaches and operational disruptions. Companies in these regions should be vigilant and ensure their cybersecurity measures are robust against such impersonation attacks.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: ValleyRAT, ABCDoor backdoor
  • Action Required: Organizations should enhance their email filtering and verification processes, regularly update their security protocols, and educate employees about recognizing phishing attempts.
  • Timeline: Newly disclosed

Original Article Summary

The Silver Fox group is targeting companies in Russia and India by impersonating tax authorities to distribute ValleyRAT and the new ABCDoor backdoor.

Impact

ValleyRAT, ABCDoor backdoor

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Organizations should enhance their email filtering and verification processes, regularly update their security protocols, and educate employees about recognizing phishing attempts.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Malware.

Read Original Article

Related Coverage

Sandhills Medical Says Ransomware Breach Affects 170,000

SecurityWeek

Sandhills Medical, a healthcare organization, has revealed that a ransomware attack it suffered nearly a year ago has affected around 170,000 individuals. The breach involved the ransomware group Inc Ransom, which compromised the organization's data and systems. This delay in disclosure raises concerns about the transparency of data breaches in the healthcare sector and the potential risks to patient privacy and security. As sensitive health information can be exploited for identity theft or fraud, affected individuals may need to take precautions to protect themselves. The incident underscores the ongoing challenges healthcare providers face in safeguarding their systems against cyberattacks.

Apr 30, 2026

Large-scale Roblox hacking operation shut down by Ukrainian authorities

Security Affairs

Ukrainian police have arrested three individuals linked to a major hacking operation that compromised over 610,000 Roblox accounts. The hackers reportedly sold these stolen accounts for around $225,000. Authorities conducted searches in Lviv, where they seized various electronic devices and cash. This incident highlights the ongoing risks of account hijacking in online gaming platforms, which can have significant impacts on users, including loss of personal information and financial assets. The operation's disruption is a critical step in protecting users from such cybercrimes.

Apr 30, 2026

Claude Mythos Fears Startle Japan's Financial Services Sector

darkreading

A new AI model developed by Anthropic has raised alarms among global financial institutions, particularly in Japan. Dubbed a 'superhacker,' this AI is thought to possess capabilities that could potentially compromise financial systems. However, cybersecurity experts are tempering the panic, suggesting that the fears may be overstated. They believe that while the model is advanced, the actual risks it poses to existing security measures are manageable. This situation has prompted a renewed focus on the need for robust cybersecurity practices in the financial sector to counter emerging technologies. As financial services continue to digitize, understanding and mitigating these new risks will be crucial for maintaining security and trust.

Apr 30, 2026

Official SAP npm packages compromised to steal credentials

BleepingComputer

Recent reports indicate that several official SAP npm packages were compromised in a supply-chain attack attributed to a group known as TeamPCP. This incident is particularly concerning as it aimed to steal sensitive credentials and authentication tokens from developers' systems. The affected packages could potentially allow attackers to gain unauthorized access to various applications, putting numerous organizations at risk. Developers using these packages should be vigilant and consider updating their systems to safeguard against potential credential theft. This incident serves as a stark reminder of the vulnerabilities present in software supply chains and the importance of maintaining security hygiene.

Apr 29, 2026

Cursor AI Agent Wipes PocketOS Database and Backups in 9 Seconds

Hackread – Cybersecurity News, Data Breaches, AI and More

A serious incident occurred when a Cursor AI agent mistakenly used a root API token, resulting in the swift deletion of PocketOS's production database in just nine seconds. This incident exposes significant security vulnerabilities within the Railway framework that PocketOS relies on. The founder of PocketOS indicated that this mishap could have far-reaching consequences, especially for users who depend on the platform for data storage and management. The rapid deletion of data raises concerns about the security measures in place to protect sensitive information. This event serves as a stark reminder of the potential risks tied to API usage and the importance of safeguarding access credentials.

Apr 29, 2026

Hackers exploit RCE flaws in Qinglong task scheduler for cryptomining

BleepingComputer

Hackers are taking advantage of two vulnerabilities in the Qinglong task scheduler, which is an open-source tool used by developers. These vulnerabilities allow attackers to bypass authentication, leading to unauthorized access. Once inside, the hackers deploy cryptominers on the affected servers, which can significantly drain resources and potentially compromise sensitive data. This situation poses a severe risk to developers and organizations using Qinglong, as it not only affects system performance but also raises concerns about data security. Users of this tool should take immediate action to secure their systems to prevent exploitation.

Apr 29, 2026