As tax season unfolds in Japan, a sophisticated cyber threat group known as Silver Fox is exploiting this period to launch precise phishing attacks on local businesses. These attacks coincide with the country’s annual tax filing, salary reviews, and personnel changes, presenting them as legitimate internal communications.
Targeted Phishing Campaigns
Silver Fox’s campaign primarily targets manufacturers and other businesses in Japan, capitalizing on the expectation of financial and human resources-related communications during this time. The group has been active since at least 2023, initially focusing on Chinese-speaking regions before expanding to Southeast Asia, Japan, and potentially North America.
The threat actor has historically targeted sectors including finance, healthcare, education, gaming, government, and even cybersecurity. This diversity in targets demonstrates Silver Fox’s adaptability and strategic planning, aligning attacks with predictable business cycles.
Phishing Techniques and Impact
WeLiveSecurity analysts have identified that Silver Fox’s emails are not generic but highly customized. The group conducts reconnaissance to gather real employee names and CEO identities, which are used to spoof sender details. Each email is crafted to appear as a legitimate internal message, with subject lines referencing tax compliance issues, salary adjustments, or personnel changes.
On March 11 and 12, 2026, Silver Fox distributed emails containing malicious attachments or links leading to harmful downloads, specifically the ValleyRAT trojan. This malware grants attackers remote access to compromised systems, enabling data theft and network infiltration.
Defensive Measures and Recommendations
To mitigate risks, WeLiveSecurity recommends verifying any emails related to salary changes, tax penalties, or personnel updates through alternative channels like phone calls or direct messages. Checking for mismatches between displayed names and actual email addresses can also help identify spoofing attempts.
Organizations should ensure their security software is up-to-date and report any suspicious emails to IT departments, even if they initially appear routine. Additional caution is advised if email language seems overly formal, as Silver Fox operators may not be native Japanese speakers, leading to subtle errors.
By remaining vigilant and adopting these protective measures, businesses can better defend against the evolving tactics of threat actors like Silver Fox.
