Threat Research

Labs have uncovered targeted phishing campaigns in Taiwan that exploit local business workflows. The attacks deliver Winos 4.0 (ValleyRat) and additional malicious plugins through weaponized attachments and embedded links. Lures impersonate official communications, including tax audit notices, tax software installers, and cloud e-invoice downloads....

The Threat Analysis reports examine emerging threats and offer practical guidance for mitigating them. In this report, Security Services analyzes a fake installer attack recently observed multiple times. The investigation uncovered findings not previously documented and revealed new threat intelligence....

A sophisticated phishing campaign targeting Indian entities has been attributed to the Chinese Silver Fox APT. The attackers used highly convincing Income Tax–themed lures to deliver malware through a complex kill chain involving DLL hijacking and the modular Valley RAT, enabling long-term persistence....

A malware campaign active since May 2025 has been targeting Chinese-speaking users, delivering multiple remote access trojans, including ValleyRAT, FatalRAT, and a newly identified variant dubbed kkRAT. kkRAT shares code similarities with Ghost RAT and Big Bad Wolf (大灰狼), commonly used by China-based threat actors....

ValleyRAT is a remote access Trojan (RAT) that was first detected in early 2023, mainly aimed at Chinese-speaking users via targeted phishing campaigns. Its primary function is to monitor and control infected systems, allowing attackers to install additional malicious plugins for increased damage....