Massive Winos 4.0 Campaigns Target Taiwan
Essential information
- Published
- 22/02/2026 02:50
- Modified
- 23/02/2026 09:49
- Tags
- 2026-02-22 apt byovd dll sideloading phishing taiwan uac bypass valleyrat winos 4.0
- Related entities
- 11 observables, 1 intrusion sets (apt), 18 techniques (mitre), 2 malware, 18 others
Description
A series of targeted phishing campaigns in Taiwan have been observed disseminating Winos 4.0 (ValleyRat) malware and associated plugins. The attacks exploit local business processes using themes like tax audits and e-invoices. The campaigns employ various techniques including malicious LNK files, DLL sideloading, and Bring Your Own Vulnerable Driver (BYOVD) attacks. The malware utilizes UAC bypassing, driver loading, and process termination to evade detection and disable security software. The attacks are attributed to a subgroup of the Silver Fox APT, showing sophisticated localization and evolving evasion techniques. The campaigns have been active since at least January 2026, using consistent infrastructure and development identifiers.