DEV Community

Mark0
Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2

The threat actor known as Tropic Trooper (APT23) has launched a new campaign targeting Chinese-speaking individuals in East Asia, using a trojanized build of the SumatraPDF reader as the lure. The attack chain employs the TOSHIS loader to deliver the AdaptixC2 Beacon agent, a post-exploitation framework that has replaced the group's previous reliance on Cobalt Strike and Merlin.

Security researchers discovered that the campaign leverages GitHub as a command-and-control platform and weaponizes Microsoft Visual Studio Code tunnels for remote access. By deploying these tunnels on high-value targets, the attackers can maintain persistent access and camouflage their activities within legitimate developer tools and encrypted traffic.
