TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

ESET WeLiveSecurity

A cunning predator: How Silver Fox preys on Japanese firms this tax season

2026-03-27 · Read original ↗

ATT&CK techniques detected

14 predictions
T1566.001Spearphishing Attachment
92%
“generic blasts. the attackers are picking names that the targets are likely to recognize and trust, which makes it more difficult for the recipients to distinguish the malicious messages from real internal notifications. the emails typically contain either a malicious attachment …”
T1566.002Spearphishing Link
76%
“successful compromise. what is the threat? active since at least 2023, silver fox initially focused on chinese - speaking targets before expanding into southeast asia, japan, and potentially north america, running each campaign in a local language. this broadened scope shows in t…”
T1598.002Spearphishing Attachment
72%
“a cunning predator : how silver fox preys on japanese firms this tax season japan has entered its annual tax filing and organizational change season, a period when companies generate a high volume of legitimate financial and hr ‑ related communications. a threat actor known as si…”
T1566.002Spearphishing Link
71%
“a cunning predator : how silver fox preys on japanese firms this tax season japan has entered its annual tax filing and organizational change season, a period when companies generate a high volume of legitimate financial and hr ‑ related communications. a threat actor known as si…”
T1566.002Spearphishing Link
69%
“tax - related messages. to make the emails appear authentic, the attackers often include the name of the targeted company directly in the subject line. examples of subjects observed in this campaign include : - 「 会 社 名 」 会 正 に するお らせ ( translation : < company name > notice of ame…”
T1598.002Spearphishing Attachment
67%
“generic blasts. the attackers are picking names that the targets are likely to recognize and trust, which makes it more difficult for the recipients to distinguish the malicious messages from real internal notifications. the emails typically contain either a malicious attachment …”
T1598.002Spearphishing Attachment
62%
“tax - related messages. to make the emails appear authentic, the attackers often include the name of the targeted company directly in the subject line. examples of subjects observed in this campaign include : - 「 会 社 名 」 会 正 に するお らせ ( translation : < company name > notice of ame…”
T1566.001Spearphishing Attachment
53%
“tax - related messages. to make the emails appear authentic, the attackers often include the name of the targeted company directly in the subject line. examples of subjects observed in this campaign include : - 「 会 社 名 」 会 正 に するお らせ ( translation : < company name > notice of ame…”
T1667Email Bombing
44%
“generic blasts. the attackers are picking names that the targets are likely to recognize and trust, which makes it more difficult for the recipients to distinguish the malicious messages from real internal notifications. the emails typically contain either a malicious attachment …”
T1598Phishing for Information
43%
“a cunning predator : how silver fox preys on japanese firms this tax season japan has entered its annual tax filing and organizational change season, a period when companies generate a high volume of legitimate financial and hr ‑ related communications. a threat actor known as si…”
T1598.002Spearphishing Attachment
39%
“successful compromise. what is the threat? active since at least 2023, silver fox initially focused on chinese - speaking targets before expanding into southeast asia, japan, and potentially north america, running each campaign in a local language. this broadened scope shows in t…”
T1566.002Spearphishing Link
37%
“generic blasts. the attackers are picking names that the targets are likely to recognize and trust, which makes it more difficult for the recipients to distinguish the malicious messages from real internal notifications. the emails typically contain either a malicious attachment …”
T1566.001Spearphishing Attachment
34%
“a cunning predator : how silver fox preys on japanese firms this tax season japan has entered its annual tax filing and organizational change season, a period when companies generate a high volume of legitimate financial and hr ‑ related communications. a threat actor known as si…”
T1566.003Spearphishing via Service
32%
“successful compromise. what is the threat? active since at least 2023, silver fox initially focused on chinese - speaking targets before expanding into southeast asia, japan, and potentially north america, running each campaign in a local language. this broadened scope shows in t…”

Summary

Silver Fox is back in Japan, spoofing tax and HR emails timed to the one season when no one thinks twice about opening them