Silver Fox APT: Inside the Stealth Campaign Exploiting DLL Sideloading, BYOVD, and Trusted Software Against Taiwan and Beyond

In the evolving landscape of nation-state cyber threats, few groups have emerged with the speed, sophistication, and regional precision of Silver Fox APT. Known also as Void Arachne and The Great Thief of Valley, Silver Fox is a China-based advanced persistent threat group believed to have been active since at least 2022, with a dramatic operational acceleration beginning in late 2023 and continuing into 2026.

Where many threat actors rely on brute force or known exploits, Silver Fox has distinguished itself through a masterclass in weaponizing trust: trust in legitimate software, trust in signed kernel drivers, and trust in official government communications.

The group’s recent campaigns, documented in depth by FortiGuard Labs, Check Point Research, Forescout, Trustwave SpiderLabs, and others, reveal a threat actor that is highly organized, operationally disciplined, and tactically innovative. Their attacks against organizations in Taiwan represent a case study in how modern espionage groups blend social engineering with low-level technical exploitation to achieve near-total control over victim systems while evading virtually every layer of conventional defense.

This article provides a comprehensive analysis of Silver Fox APT: who they are, how they operate, what malware they deploy, how their techniques work at a technical level, and what defenders must do to detect and respond to them.

Origins, Attribution, and Targeting

Silver Fox is assessed with moderate-to-high confidence as a China-based threat group, likely operating with some degree of state sponsorship or strategic alignment. Also tracked under the aliases SwimSnake, UTG-Q-1000, and Void Arachne, the group is believed to have been active since at least the second half of 2022, according to Chinese cybersecurity vendor Antiy, with a notable acceleration in operational tempo beginning in late 2023 and expanding dramatically through 2024 and into 2026. Unlike some China-linked APT groups with long-established histories, Silver Fox is a relatively new entrant to the threat landscape but has matured unusually quickly.

False Flag Operations

In at least one documented campaign, Silver Fox embedded false flag elements within their malware referencing Russian threat actors such as Cozy Bear and Fancy Bear, including Cyrillic strings and decoy infrastructure mimicking Russian command-and-control servers. ReliaQuest researcher Hayden Evans reported that the group used a modified ValleyRAT loader containing Cyrillic elements that were likely an intentional move to mislead attribution and confuse incident response efforts. This reflects a sophisticated understanding of how threat intelligence analysts attribute campaigns and represents a deliberate effort to misdirect investigators.

The group’s primary geographic focus has been on Taiwan, with significant activity also documented in China itself, Japan, Malaysia, and India. In July 2024, Chinese cybersecurity firm Knownsec’s 404 Advanced Threat Intelligence Team concluded that Silver Fox may in fact be an APT group masquerading as cybercriminals, noting a shift in targeting from opportunistic individual victims toward governmental institutions, cybersecurity companies, healthcare organizations, and financial sector enterprises. Knownsec’s researchers observed that the group’s Winos samples showed deliberate investment in countering analysis and expanding its arsenal, and warned that the departure from typical cybercrime targeting suggested a deliberate attempt by an APT group to blend in with cybercrime activities for covert purposes. This pattern is consistent with state-directed intelligence collection rather than purely criminal activity.

Taiwan is the most heavily targeted jurisdiction, which aligns with the broader strategic context of Chinese state interest in Taiwanese organizations, critical infrastructure, and government systems. Silver Fox’s campaign lures are so highly localized to Taiwan’s tax, finance, and regulatory environment that they demonstrate detailed knowledge of local business processes, which further supports the assessment of state-backed resources and research behind the operations.

The Malware Arsenal: Winos 4.0 and ValleyRAT

At the core of Silver Fox’s operations is a remote access trojan known as Winos 4.0, also referred to by researchers as ValleyRAT. This malware traces its lineage back to Gh0st RAT, an open-source remote access tool whose source code was leaked in 2008 and has since been adopted, modified, and extended by numerous Chinese-linked threat groups. As Daniel dos Santos, Head of Security Research at Forescout’s Vedere Labs, explained to The Hacker News, Winos and ValleyRAT are variations of Gh0st RAT attributed to Silver Fox by different researchers at different points in time, with the tool constantly evolving to incorporate both local trojan capabilities and command-and-control server functionality. Silver Fox has built on this foundation to create a highly modular, evasion-focused backdoor that is central to virtually all of their known campaigns.

Winos 4.0 is not simply a RAT in the traditional sense. Once deployed, it operates as a platform for persistent access, capable of downloading and executing additional plugins directly into the Windows registry without writing new executable files to disk. This fileless execution model is a deliberate anti-forensics strategy designed to minimize the evidence that incident responders and endpoint detection tools can find on a compromised system. The capabilities enabled through this plugin system include file management, screen capture, keylogging, remote shell access, clipboard monitoring, and full system metadata exfiltration.

In healthcare-targeted campaigns, Silver Fox has deployed Winos 4.0 alongside both a keylogger and a cryptocurrency miner, suggesting that while the primary objective is espionage and persistent access, the group is also willing to monetize victim resources opportunistically. Persistence is achieved through Windows scheduled tasks that relaunch the malware automatically at every user login and system reboot, ensuring that even a manual removal attempt that misses the scheduled task will result in re-infection.

HoldingHands RAT

Silver Fox has also deployed a second RAT known as HoldingHands RAT (a Gh0st RAT variant also called Gh0stBins) in campaigns targeting Japan and Malaysia. It establishes a persistent C2 channel with heartbeats every 60 seconds, supports arbitrary code execution, data exfiltration including screenshots and clipboard contents, and dynamic C2 address updates via the Windows Registry. The trojan is specifically designed to disable or evade endpoint security tools and remain dormant until activated by the attacker.

Communication between the ValleyRAT downloader and its C2 servers is encrypted using an XOR cipher, adding a layer of obfuscation that can complicate network-based detection. The malware also employs API hashing and indirect function resolution to obscure its behavior from static and dynamic analysis tools.

Beyond Winos 4.0 and HoldingHands RAT, Silver Fox has deployed additional tools from the Gh0st RAT lineage. In campaigns documented by Netskope Threat Labs in mid-2025, the group used fake software installers to deliver Sainbox RAT alongside a variant of the open-source Hidden rootkit. Sainbox RAT gives the attacker full control of the victim’s machine, while the Hidden rootkit, loaded as a kernel service, conceals processes, files, and registry entries using mini-filters and kernel callbacks. The rootkit can also protect itself and specific processes from termination, adding a layer of stealth that complements the group’s BYOVD-based AV-killing techniques. The breadth of Silver Fox’s toolset, spanning commodity RATs, custom backdoors, and open-source rootkits, reflects an operationally flexible group that selects its tools based on the specific requirements of each campaign.

Social Engineering: Exploiting Local Trust

Silver Fox’s social engineering is what makes its technical sophistication so dangerous. Without effective initial access, even the most advanced malware cannot execute. The group invests heavily in crafting lures that are culturally and contextually appropriate for their targets, dramatically increasing the probability that a victim will open a malicious file.

In Taiwan, the dominant lure themes center on tax compliance and financial administration. Campaigns have impersonated Taiwan’s National Taxation Bureau, delivering phishing emails claiming that the recipient’s organization is scheduled for a tax audit. As FortiGuard Labs security researcher Pei Han Liao detailed in reporting shared with The Hacker News, one confirmed campaign used an email where the sender instructed the recipient to forward an attached document to their company’s treasurer, exploiting internal trust and urgency simultaneously. The attachment appeared to be an official document from the Ministry of Finance but contained a malicious ZIP archive embedding a weaponized DLL.

A second wave of campaigns shifted to e-invoice themes, distributing archives via phishing links that redirected victims to China-hosted cloud storage where malicious packages awaited download. These packages contained legitimate-looking tax application executables alongside poisoned DLLs that would be sideloaded when the user ran the trusted-looking software.

Beyond tax lures, Silver Fox has demonstrated impressive adaptability in its delivery mechanisms. The group has distributed backdoored installers for widely trusted software including Google Chrome, Telegram, VPN clients such as LetsVPN and QuickVPN, productivity tools like WPS Office, the Sogou search engine, and AI tools including deepfake generators and voice changers. In one particularly notable campaign documented in mid-2025, the group exploited the popularity of DeepSeek’s R1 large language model by creating convincing fake installer pages that delivered malware to Chinese-speaking users who believed they were downloading the legitimate AI tool.

In Operation Holding Hands, Silver Fox targeted organizations in Japan and Taiwan using digitally signed fake salary notices, signed with stolen certificates, which unpacked COM-based loaders and deployed Winos 4.0 entirely in memory. Independent security researcher somedieyoungZZ, whose findings were corroborated by Fortinet, described the entire setup as crafted to bypass conventional detection mechanisms. The use of stolen signing certificates demonstrates a level of operational investment that goes well beyond typical cybercrime.

In the healthcare sector, the group deployed trojanized versions of the Philips DICOM Viewer, a medical imaging application, masqueraded as a legitimate executable called MediaViewerLauncher.exe. Forescout researchers identified a cluster of 29 malware samples between July 2024 and January 2025 that used this approach. All identified samples were submitted to VirusTotal from the United States or Canada, and the researchers warned that infected patient devices could potentially give threat actors an initial foothold within healthcare networks, particularly in scenarios involving hospital-at-home programs that rely on patient-owned technology.

Technical Attack Chain: From Phishing to Kernel Control

Stage 1: Initial Delivery

The infection begins with either a phishing email containing a malicious archive or a poisoned website reached via SEO manipulation. In the LNK-based campaign variant, the victim receives a RAR archive containing a benign decoy document alongside a malicious Windows shortcut file (.LNK). Opening the shortcut triggers a download chain. In the DLL sideloading variant, the archive contains a legitimate application executable alongside a malicious DLL file that Windows will load automatically when the trusted application runs. The victim sees a real, functioning application and has no indication that anything malicious has occurred.

Stage 2: DLL Sideloading

DLL sideloading exploits a fundamental behavior in how Windows resolves dynamic link library dependencies. When an application needs to load a DLL, Windows searches a series of directories in a defined order, beginning with the application’s own directory. By placing a malicious DLL in the same directory as a trusted executable, attackers ensure that when the legitimate software runs, it loads the attacker’s code instead of or in addition to the legitimate library, all while appearing to run normally. The process executing the malicious code is the trusted application itself, which means process-based detection logic will see a signed, known-good application as the parent process.

Development Fingerprint

Analysis of Silver Fox’s DLL files has revealed internal project path strings written in Chinese characters, most notably the string translated as “Large Horse Project (2),” which researchers used to track additional related campaigns. This suggests the group maintains a structured, project-based development environment for their malware.

Stage 3: Shellcode Execution and Privilege Escalation

Once the malicious DLL executes, it loads encrypted shellcode from files designed to look like innocuous data files. The loader performs extensive anti-analysis checks at this stage, detecting virtual machine environments, sandboxes, and hypervisors. If any of these checks indicate an analysis environment, execution aborts and a fake system error message is displayed. One analyzed sample specifically whitelisted three computer names that appear to belong to the attackers’ own development systems, an operational security measure to prevent the malware from activating on machines used for testing.

If the environment checks pass, the loader proceeds to escalate privileges. In campaigns analyzed by Fortinet and Check Point, this involves dynamically resolving native Windows API functions including NtLoadDriver and RtlAdjustPrivilege directly from ntdll.dll, bypassing standard Windows API monitoring. The malware then checks registry settings related to the Windows Vulnerable Driver Blocklist and adapts its behavior accordingly.

Stage 4: BYOVD and Security Tool Neutralization

Bring Your Own Vulnerable Driver, or BYOVD, is the technique that makes Silver Fox’s campaigns especially difficult to defend against. The approach involves loading a legitimate, validly signed Windows kernel-mode driver onto the victim system and then exploiting a known vulnerability in that driver to execute code at kernel level. Because the driver itself is legitimately signed, it passes Windows driver signing requirements and does not trigger alerts based on signature validation. Silver Fox has demonstrated a sustained, evolving commitment to this technique across multiple campaigns, cycling through different vulnerable drivers as each is disclosed and blocklisted.

Silver Fox has used multiple vulnerable drivers across its campaigns, demonstrating a consistent pattern of finding and exploiting gaps in kernel driver security. In an earlier campaign beginning around mid-June 2024, the group exploited a version of the Truesight.sys driver, associated with Adlice’s RogueKiller anti-malware program, to deliver Gh0stRAT across Southeast Asia. Although all versions of Truesight.sys below 3.4.0 were known to be vulnerable to arbitrary process termination, version 2.0.2 possessed an incorrect TBS hash in Microsoft’s Vulnerable Driver Blocklist, effectively allowing it to bypass the blocklist entirely. Silver Fox exploited this error at scale, with over 2,500 distinct variants of the driver eventually identified on VirusTotal. Microsoft did not update the blocklist to close this gap until December 2024.

In the Taiwan campaigns documented by FortiGuard Labs in early 2026, the driver of choice shifted to wsftprm.sys, associated with the Topaz OFD antifraud software. This driver contains a vulnerability allowing low-privileged code to kill Protected Process Light processes, including Microsoft Defender, through crafted IOCTL calls. In campaigns analyzed by Check Point Research in mid-2025, the group exploited two drivers derived from the Zemana Anti-Malware SDK: the long-known ZAM driver for compatibility with older Windows 7 systems, and more critically, the WatchDog Antimalware driver (amsdk.sys). As Check Point noted, the WatchDog driver was Microsoft-signed, not listed in the Microsoft Vulnerable Driver Blocklist, and not detected by community projects like LOLDrivers, giving it an effectively unobstructed path to kernel-level exploitation.

Rapid Adaptation

After Check Point disclosed the WatchDog driver vulnerability and the vendor released a patch, Silver Fox adapted by altering a single byte in the unauthenticated timestamp field of the patched driver’s Microsoft Authenticode signature. Check Point researchers explained that because that field is not covered by the main signature digest, the driver remained validly signed and trusted by Windows while presenting a new file hash, effectively bypassing hash-based blocklists. This kind of rapid adaptation in response to researcher disclosure is a hallmark of well-resourced, professionally managed threat operations.
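The single-byte signature edit described above works against defenders who key their blocklists on the file's SHA-256 rather than on the hash that the signature actually covers. The following added example (my own code, not from the page, FortiGuard, or Check Point) builds a constructed minimal PE32 with an appended certificate table and computes its Authenticode PE hash following Microsoft's Authenticode PE specification: the CheckSum field, the security data-directory entry, and the certificate table are excluded from the digest. It then shows that a byte flip inside the certificate table (standing in for the unauthenticated timestamp field) changes the file hash but leaves the Authenticode hash unchanged, while a byte flip in section data changes both. The parser also handles PE32+, which goes beyond the PE32 sample constructed here.

```python
import hashlib
import struct


def build_sample_pe(cert_blob: bytes) -> bytes:
    """Construct a minimal PE32 image (one section) with an appended
    certificate table. Constructed sample only, not a real driver."""
    size_of_headers, section_raw = 512, 512
    cert_off = size_of_headers + section_raw
    # WIN_CERTIFICATE: dwLength, wRevision (0x0200), wCertificateType (0x0002 = PKCS#7)
    cert_table = struct.pack("<IHH", 8 + len(cert_blob), 0x0200, 0x0002) + cert_blob
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                                # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 224, 0x0102)      # 1 section, 224-byte optional header
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                                 # PE32 magic
    struct.pack_into("<I", opt, 60, size_of_headers)                      # SizeOfHeaders
    struct.pack_into("<I", opt, 64, 0xDEADBEEF)                           # CheckSum (not hashed)
    struct.pack_into("<I", opt, 92, 16)                                   # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 4 * 8, cert_off, len(cert_table))  # security directory (index 4)
    sect = bytearray(40)
    sect[:5] = b".text"
    # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
    struct.pack_into("<IIII", sect, 8, section_raw, 0x1000, section_raw, size_of_headers)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(sect)).ljust(size_of_headers, b"\0")
    return headers + bytes(range(256)) * 2 + cert_table


def authenticode_hash(pe: bytes, algo: str = "sha256") -> str:
    """Authenticode PE hash: whole file minus CheckSum, the security
    data-directory entry, and the certificate table itself."""
    h = hashlib.new(algo)
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", pe, opt)[0]
    size_of_headers = struct.unpack_from("<I", pe, opt + 60)[0]
    checksum_off = opt + 64                                   # same offset for PE32 and PE32+
    data_dirs = opt + (96 if magic == 0x10B else 112)         # PE32 vs PE32+ layout
    sec_dir = data_dirs + 4 * 8
    cert_off, cert_len = struct.unpack_from("<II", pe, sec_dir)
    # Steps 1-3: headers with the two excluded fields skipped
    h.update(pe[:checksum_off])
    h.update(pe[checksum_off + 4:sec_dir])
    h.update(pe[sec_dir + 8:size_of_headers])
    # Step 4: section raw data in file-offset order
    sect_hdr = opt + opt_size
    sections = []
    for i in range(num_sections):
        raw_size, raw_ptr = struct.unpack_from("<II", pe, sect_hdr + i * 40 + 16)
        sections.append((raw_ptr, raw_size))
    end = size_of_headers
    for raw_ptr, raw_size in sorted(sections):
        h.update(pe[raw_ptr:raw_ptr + raw_size])
        end = max(end, raw_ptr + raw_size)
    # Step 5: trailing data that is not the certificate table
    if cert_off:
        h.update(pe[end:cert_off])
        h.update(pe[cert_off + cert_len:])
    else:
        h.update(pe[end:])
    return h.hexdigest()


def demonstrate() -> dict:
    """Compare file SHA-256 and Authenticode hash under three single-byte edits."""
    original = build_sample_pe(b"FAKE-PKCS7-" + b"\0" * 16 + b"TS:2025")

    def flip(data: bytes, index: int) -> bytes:
        out = bytearray(data)
        out[index] ^= 0x01
        return bytes(out)

    sig_tampered = flip(original, len(original) - 1)   # inside the certificate table
    sum_tampered = flip(original, 0x58 + 64)           # CheckSum field in this layout
    code_tampered = flip(original, 700)                # inside the .text section
    return {
        "file_hash_changes_on_sig_tamper": hashlib.sha256(original).digest() != hashlib.sha256(sig_tampered).digest(),
        "authenticode_same_on_sig_tamper": authenticode_hash(original) == authenticode_hash(sig_tampered),
        "authenticode_same_on_checksum_tamper": authenticode_hash(original) == authenticode_hash(sum_tampered),
        "authenticode_changes_on_code_tamper": authenticode_hash(original) != authenticode_hash(code_tampered),
    }
```

The practical consequence for defenders: deny rules keyed on the Authenticode hash (the hash WDAC and the Microsoft driver blocklist policy use) survive edits to the unsigned parts of a signature, whereas a plain file-hash indicator does not.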

Once kernel-level access is obtained, the malware enters a continuous monitoring loop, scanning running processes and terminating a comprehensive list of security products from vendors including Microsoft, Trend Micro, Symantec, Avast, AVG, Kingsoft, Huorong, and 360 Total Security. With endpoint defenses neutralized, the environment is clear for the final payload.

Stage 5: Winos 4.0 Deployment and Persistence

With security products terminated, Winos 4.0 is loaded into memory via reflective DLL injection. The malware’s C2 address is Base64-encoded within the binary rather than stored in plaintext, adding a layer of obfuscation to network traffic analysis. Once connected, it downloads additional plugins into the Windows registry, establishes persistence through scheduled tasks configured to survive reboots, and begins its espionage functions. The entire infection chain, from a user opening a tax document to an attacker having persistent kernel-level access, unfolds silently and without any visible indication to the victim.

Infrastructure: Designed to Evade Detection

Silver Fox’s infrastructure reflects the same attention to operational security that characterizes their malware development. The group maintains a rotating network of domains and abuses legitimate cloud hosting services, including Alibaba Cloud’s Object Storage Service and other Chinese cloud providers, to host and distribute payloads. By using legitimate cloud infrastructure as a staging platform, the group makes domain-based blocking ineffective, since blocking the domains would also block legitimate access to the underlying cloud services.

FortiGuard Labs analysis of domain registration data in the January 2026 campaigns revealed a consistent registrant name and email address linked to a university domain, and noted that the LNK file metadata contained a specific MachineID that had been observed in earlier Silver Fox development activity from August 2025. FortiGuard Labs assessed with high confidence that these campaigns are the work of the same specialized subgroup within Silver Fox, given the identical driver-abuse techniques and overlapping infrastructure.

The group rotates domains frequently, rendering static indicator-based defenses minimally effective. Organizations relying on block lists of known malicious domains will find them obsolete within days or weeks of a campaign beginning.

The operational scale of Silver Fox’s distribution infrastructure was exposed in late 2025 when NCC Group researchers identified an exposed link management panel at ssl3[.]space used by the group to track download activity across its malicious installer campaigns. Analysis of that panel revealed backdoored installers impersonating at least 20 widely used applications, including Microsoft Teams, Telegram, Signal, WPS Office, OpenVPN, and others. Click data from the panel showed that the campaign’s reach extended well beyond Asia, with hundreds of clicks from mainland China followed by victims across the United States, Hong Kong, Taiwan, Australia, and other regions in Europe and North America. This infrastructure discovery provided concrete evidence that Silver Fox’s campaigns are larger and more globally distributed than any single campaign report would suggest.

Expanding Geographic and Sector Targeting

While Taiwan has been Silver Fox’s primary focus, the group has demonstrated a clear trajectory of geographic expansion. Japan and Malaysia have been targeted through Operation Holding Hands and related campaigns. India has become a target, with campaigns exploiting tax season to deliver ValleyRAT to financial sector organizations. China itself has been targeted, with campaigns using fake Microsoft Teams installers and SEO poisoning to reach Chinese-speaking users, which is unusual for a supposedly state-affiliated group and may reflect either internal intelligence collection or financially motivated operations running in parallel with state-directed activity. In mid-2025, Netskope Threat Labs documented a parallel campaign using fake installers for DeepSeek, WPS Office, and Sogou to deliver Sainbox RAT and the Hidden rootkit to Chinese-speaking users, demonstrating the group’s willingness to exploit trending AI software as a delivery vehicle.

“While it’s a more complex model than pure espionage or pure crime, this dual approach gives Silver Fox more flexibility, better cover, and broader reach.” — Sıla Özeren, Security Research Engineer, Picus Security

Healthcare Sector Alert

The healthcare sector expansion is particularly concerning. Forescout’s research documented campaigns using trojanized medical imaging software with English-language executables and file submissions originating from the United States and Canada, suggesting that Silver Fox may be expanding its targeting to new regions and sectors. If confirmed at scale, this would represent a significant escalation in the group’s ambition and geographic reach.

Sector targeting has similarly broadened. Beyond government and financial organizations, documented targets now include healthcare delivery organizations, cybersecurity companies, technology firms, gaming companies, and e-commerce enterprises. As Karl Sigler, Senior Security Research Manager at Trustwave, observed, Silver Fox’s broad skill set, from exploit development to social engineering and phishing attacks, means the group does not have to choose between a specific APT-type mission or an opportunistic, financially motivated attack. This breadth suggests either a large operational capacity or multiple subgroups operating under the Silver Fox umbrella, each pursuing different target categories.

Detection, Response, and Defense

Defending against Silver Fox requires moving beyond conventional signature-based and domain-blocklist approaches, both of which are demonstrably inadequate against this group. The following defensive strategies represent the most effective countermeasures based on the group’s known TTPs.

Behavioral-Based Endpoint Detection

The most reliable detection mechanism for Silver Fox campaigns is behavioral analysis at the endpoint level. Security teams should configure EDR solutions to alert on anomalous DLL loading behavior, particularly instances where a trusted application loads a DLL from its own application directory that does not match the expected file hash. Monitoring for the dynamic resolution of native APIs like NtLoadDriver and RtlAdjustPrivilege from ntdll.dll is also high-value, since legitimate applications rarely invoke these functions through dynamic resolution.

Kernel Driver Monitoring

Given Silver Fox’s consistent reliance on BYOVD, monitoring for kernel driver loading events is essential. Security teams should maintain awareness of the Microsoft Vulnerable Driver Blocklist and ensure it is enforced, while also monitoring for driver loading behavior that bypasses or queries the blocklist. Check Point Research has stressed that proactive identification, reporting, and patching of driver vulnerabilities are critical to strengthening Windows systems against evolving BYOVD techniques. Any new kernel driver loaded during a session that was not present at system startup should be treated as suspicious and investigated. Behavior-based detection that monitors for processes being terminated by kernel-mode drivers, rather than by user-mode processes, is particularly effective at catching the AV-killing phase of Silver Fox’s infection chain.

Email and Archive File Controls

Because Silver Fox’s initial access consistently relies on phishing with compressed archives, email security gateways should be configured to inspect archive files including RAR and ZIP for combinations of executable files, DLLs, and LNK shortcuts alongside decoy documents. Unsolicited emails referencing tax audits, financial inspections, or software installers should be treated as high-risk regardless of apparent sender legitimacy. Organizations in Taiwan and other regions targeted by Silver Fox should implement enhanced scrutiny of any communications claiming to originate from tax or financial authorities.

User Awareness Training

Silver Fox’s campaigns succeed because they are convincing to their targets. Training employees to recognize the social engineering patterns the group uses, particularly tax-themed urgency, requests to forward documents internally, and software installer lures, is a meaningful defensive investment. Simulated phishing exercises using tax and regulatory lure themes can help identify users who are at risk and prioritize additional training.

Zero Trust and Least Privilege

Enforcing least privilege across user accounts and applications limits the damage Silver Fox can do even after initial access. A user who does not have administrative rights cannot easily load kernel drivers, which directly impedes the BYOVD phase of the attack chain. Network segmentation further limits lateral movement if an initial compromise occurs, containing the blast radius of a successful intrusion.

Threat Intelligence Integration

Organizations operating in sectors or geographies targeted by Silver Fox should integrate current threat intelligence feeds that track the group’s infrastructure and indicators of compromise. Given the speed with which the group rotates domains and adapts to disclosed vulnerabilities, intelligence must be consumed and acted upon in near real time to be useful. Sharing indicators of compromise across peer organizations and sector-specific information sharing groups accelerates collective defense.

Conclusion

Silver Fox APT represents one of the most technically sophisticated and operationally disciplined threat groups to emerge in recent years. In a relatively short time, the group has developed a comprehensive attack capability that combines meticulous social engineering, advanced malware, kernel-level exploitation, and anti-forensics into a seamless operational package. Their ability to consistently weaponize legitimate, trusted software and signed drivers, and then rapidly adapt when those techniques are disclosed by researchers, sets them apart from many of their peers. The progression from exploiting a blocklist error in the Truesight.sys driver in 2024, to discovering and weaponizing the previously unknown WatchDog driver vulnerability in 2025, to deploying yet another driver in the 2026 Taiwan campaigns, illustrates a group that treats vulnerable driver discovery as a core operational competency.

The group’s trajectory points toward continued expansion, both geographically and in terms of the sectors it targets. The emergence of English-language malware samples and file submissions from North America suggests that organizations outside of Asia cannot assume they are outside Silver Fox’s operational scope. NCC Group’s discovery of an exposed link management panel tracking victims across Asia-Pacific, Europe, and North America confirmed that the group’s reach already extends well beyond its Asian heartland. Healthcare organizations in particular should take note.

For cybersecurity educators and practitioners, Silver Fox campaigns offer some of the clearest real-world illustrations of why signature-based defenses are insufficient against advanced threat actors, why kernel driver security matters, and why social engineering remains a consistently effective initial access vector regardless of the technical sophistication of what follows. The group exploits human trust and technical blind spots with equal facility, which is precisely what makes them so formidable.

Staying ahead of Silver Fox requires behavioral detection at multiple layers of the stack, proactive threat intelligence consumption, and a security culture that treats every unsolicited document or installer with appropriate skepticism. As Picus Security’s Özeren has warned, defenders in the Asia-Pacific region face threat actors who are not only persistent and stealthy, but also financially motivated and operationally diverse. In the current threat environment, that level of vigilance is not excessive caution; it is a baseline requirement.
