Silver Fox's Russian Ruse: ValleyRAT Hits China via Fake Microsoft Teams Attack
ID: 0e7668ad-60f8-5da8-88b7-fdf704a07d14
STIX ID: report--0e7668ad-60f8-5da8-88b7-fdf704a07d14
Feed Name: ReliaQuest Blog
Executive summary: ReliaQuest reports a high-confidence attribution to the Chinese APT 'Silver Fox' for an active SEO-poisoning campaign impersonating Microsoft Teams that delivers an updated ValleyRAT loader to Chinese-speaking users and organizations with operations in China; the report describes the ZIP/Setup.exe infection chain, use of Cyrillic false flags, binary-proxy DLL execution via rundll32, PowerShell-based Defender exclusion modifications, related infrastructure and IOCs, and recommends enhanced logging, EDR, and defensive playbooks to detect and contain infections.
