
"The threat actors created a custom AdaptixC2 Beacon listener, leveraging GitHub as their command-and-control (C2) platform, according to security researcher Yin Hong Chang."
"The backdoored SumatraPDF executable launches a slightly modified version of a loader codenamed TOSHIS, which is a variant of Xiangoop, a malware linked to Tropic Trooper."
"The loader is responsible for activating the multi-stage attack, dropping both the lure document as a distraction mechanism and the AdaptixC2 Beacon agent in the background."
A campaign targeting Chinese-speaking individuals uses a trojanized version of the SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitation agent, which in turn enables the abuse of Microsoft Visual Studio Code tunnels for remote access. The campaign is attributed to Tropic Trooper, a hacking group active since at least 2011 that primarily targets individuals in Taiwan, South Korea, and Japan. The attack begins with a ZIP archive containing military-themed documents; opening them launches the rogue SumatraPDF, which retrieves encrypted shellcode to activate the AdaptixC2 Beacon.
Read at The Hacker News