“a loader for a previously undocumented Python-based backdoor codenamed ABCDoor. The backdoor, per the Russian cybersecurity company, has been part of the threat actor's arsenal since at least December 19, 2024, and was put to use in cyber attacks beginning February or March 2…”
T1566.002 Spearphishing Link (80%)
“Silver Fox deploys ABCDoor malware via tax-themed phishing in India and Russia The China-based cybercrime group known as Silver Fox has been linked to a new campaign targeting organizations in Russia and India with a new malware called ABCDoor. The activity involved using phi…”
T1566.001 Spearphishing Attachment (78%)
“Silver Fox deploys ABCDoor malware via tax-themed phishing in India and Russia The China-based cybercrime group known as Silver Fox has been linked to a new campaign targeting organizations in Russia and India with a new malware called ABCDoor. The activity involved using phi…”
T1566 Phishing (69%)
“conducts profitable extensive opportunistic activities and espionage activities," S2W said. "In the early stages, the group targeted China for attacks, but later expanded its operational scope to Taiwan and Japan." "The Silver Fox group primarily utilizes highly customized sp…”
T1204.002 Malicious File (55%)
“C2) communications, command execution, and retrieval and execution of additional modules. One of the custom modules deployed as part of the attack following a second geofencing check is ABCDoor, which contacts an external server via HTTPS and processes incoming messages to facil…”
T1071.001 Web Protocols (31%)
“C2) communications, command execution, and retrieval and execution of additional modules. One of the custom modules deployed as part of the attack following a second geofencing check is ABCDoor, which contacts an external server via HTTPS and processes incoming messages to facil…”
Summary
The China-based cybercrime group known as Silver Fox has been linked to a new campaign targeting organizations in Russia and India with a new malware called ABCDoor.
The activity involved using phishing emails that mimic correspondence from the Income Tax Department of India in December 2025, followed by a similar campaign aimed at Russian entities.
"Both waves followed a nearly identical