SilverFox phishing targets India with fake IT dept notices, deploys ABCDoor backdoor
Cybersecurity firm Kaspersky has attributed a global wave of phishing attacks to the SilverFox threat group, whose lures masquerade as tax-related files to infiltrate organisations across multiple countries, with India identified as the campaign's earliest target. The group has now escalated its toolkit by deploying a previously undocumented Python-based backdoor that Kaspersky has named ABCDoor.
How the Campaign Began
According to Kaspersky, the campaign was first detected in December 2025, when emails closely mimicking notices from India's Income Tax Department began circulating. The same threat group subsequently launched phishing attacks in Russia in January 2026, followed by reported incidents in Indonesia, South Africa, and several other countries. Between January and February 2026, the firm recorded over 1,600 malicious emails targeting firms in the industrial, consulting, trade, and transportation sectors.
How the Attack Works
The phishing emails urged recipients to download an archive described as a