Massive Winos 4.0 Campaigns Target Taiwan
ID: 2906bc44-7054-5fce-85c8-dca8bdd913ed
STIX ID: report--2906bc44-7054-5fce-85c8-dca8bdd913ed
Feed Name: Fortinet Blog
**Executive summary:** FortiGuard Labs observed multiple localized tax-themed phishing campaigns targeting organizations in Taiwan. The campaigns deliver the Winos 4.0 (ValleyRat) remote-access malware and plugins via staged LNK downloaders and DLL sideloading, and abuse a signed vulnerable driver (wsftprm.sys) for kernel privileges. The report includes detailed TTPs and IOCs (domains, IP 47.76.86.151, URLs, SHA256s) and attributes the activity to the Silver Fox APT subgroup.
