Tropic Trooper uses trojanized SumatraPDF and GitHub for AdaptixC2

Colleagues, security alert: Tropic Trooper distributes AdaptixC2 via a trojanized SumatraPDF.
- Zscaler ThreatLabz: the ZIP lure shows a decoy reader and drops encrypted shellcode; the TOSHIS loader (Xiangoop variant) deploys the agent.
- AdaptixC2 uses GitHub as a C2 channel; upon identifying high-value targets, operators deploy VS Code and configure VS Code Tunnels for access. Staging servers also hosted Cobalt Strike and EntryShell.
Why it matters: abusing legitimate applications (a PDF reader, VS Code) and public services (GitHub, VS Code Tunnels) blends the intrusion into normal traffic, complicates detection, and increases the risk of a prolonged compromise.
How are we strengthening defenses against such supply-chain and service-abuse chains?
#cybersecurity #ThreatIntelligence #APT #DevSecOps
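The two behaviours the post calls out, VS Code Tunnel setup and GitHub used as a C2 channel, plus the trojanized reader itself, can be turned into simple hunt rules over endpoint telemetry. The script below is an added example and not code from the post or from Zscaler; the event schema (JSON lines with `type`, `pid`, `image`, `parent_image`, `cmdline`, `dest_host`), the allow-list of processes expected to talk to GitHub, and the sample log lines are all constructed for the demonstration. The rules assume the tunnel is started through the VS Code CLI `code tunnel` subcommand and treat any child process of SumatraPDF as suspicious, which is a hunting hypothesis to tune, not a claim about the loader's exact behaviour.

```python
"""Hunt rules for the Tropic Trooper / AdaptixC2 tradecraft described above.
Added example with an assumed JSON-lines event schema; not from the post or Zscaler."""
import json
import shlex
from typing import Dict, Iterable, List

# Hosts that an AdaptixC2 GitHub channel would have to reach.
GITHUB_HOSTS = {"github.com", "api.github.com", "raw.githubusercontent.com"}
# Assumed allow-list of processes that legitimately contact GitHub; tune per environment.
GITHUB_ALLOWLIST = {"git", "gh", "code"}
# Assumed: VS Code tunnels are started via the CLI launcher's "tunnel" subcommand.
TUNNEL_IMAGES = {"code", "code-tunnel"}
PDF_READER = "sumatrapdf"


def basename(path: str) -> str:
    """Lower-case file name without directory or .exe suffix."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return name[:-4] if name.endswith(".exe") else name


def argv_of(cmdline: str) -> List[str]:
    """Tokenise a Windows command line; quoted paths with spaces stay one token."""
    try:
        return shlex.split(cmdline, posix=False)
    except ValueError:  # unbalanced quotes in telemetry
        return cmdline.split()


def check_event(ev: Dict) -> List[Dict]:
    """Apply the three hunt rules to one event and return any findings."""
    findings = []
    image = basename(ev.get("image", ""))
    if ev.get("type") == "process":
        argv = argv_of(ev.get("cmdline", ""))
        # Rule 1: VS Code Tunnel set up from the CLI ("code tunnel ...").
        if image in TUNNEL_IMAGES and len(argv) > 1 and argv[1].lower() == "tunnel":
            findings.append({"rule": "vscode_tunnel", "pid": ev["pid"], "detail": ev["cmdline"]})
        # Rule 2 (hypothesis): a PDF reader should not spawn child processes.
        if basename(ev.get("parent_image", "")) == PDF_READER:
            findings.append({"rule": "pdf_reader_spawned_child", "pid": ev["pid"], "detail": image})
    elif ev.get("type") == "network":
        host = ev.get("dest_host", "").lower()
        # Rule 3: GitHub reached by something other than developer tooling.
        if host in GITHUB_HOSTS and image not in GITHUB_ALLOWLIST:
            findings.append({"rule": "github_from_unexpected_process", "pid": ev["pid"],
                             "detail": f"{image} -> {host}"})
    return findings


def hunt(lines: Iterable[str]) -> List[Dict]:
    """Run the rules over JSON-lines telemetry and collect findings in order."""
    out: List[Dict] = []
    for line in lines:
        line = line.strip()
        if line:
            out.extend(check_event(json.loads(line)))
    return out


# Constructed sample telemetry: a decoy reader, an unexpected child reaching GitHub,
# a tunnel being started, and benign developer activity that must not alert.
SAMPLE_LOG = r"""
{"type":"process","pid":4120,"image":"C:\\Users\\alice\\Downloads\\SumatraPDF\\SumatraPDF.exe","parent_image":"C:\\Windows\\explorer.exe","cmdline":"SumatraPDF.exe report.pdf"}
{"type":"process","pid":4188,"image":"C:\\Windows\\System32\\rundll32.exe","parent_image":"C:\\Users\\alice\\Downloads\\SumatraPDF\\SumatraPDF.exe","cmdline":"rundll32.exe"}
{"type":"network","pid":4188,"image":"C:\\Windows\\System32\\rundll32.exe","dest_host":"api.github.com","dest_port":443}
{"type":"process","pid":5200,"image":"C:\\Program Files\\Microsoft VS Code\\bin\\code.exe","parent_image":"C:\\Windows\\System32\\cmd.exe","cmdline":"\"C:\\Program Files\\Microsoft VS Code\\bin\\code.exe\" tunnel --name build01"}
{"type":"network","pid":5200,"image":"C:\\Program Files\\Microsoft VS Code\\bin\\code.exe","dest_host":"github.com","dest_port":443}
{"type":"process","pid":6010,"image":"C:\\Program Files\\Git\\cmd\\git.exe","parent_image":"C:\\Windows\\System32\\cmd.exe","cmdline":"git pull"}
"""

if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG.splitlines()):
        print(f"{f['rule']:32} pid={f['pid']:<6} {f['detail']}")
```

The GitHub rule is deliberately coarse: VS Code and git talking to GitHub is normal, so the signal is the process identity, not the destination, and the allow-list is where a team encodes what is normal for its fleet. Correlating rule 2 and rule 3 on the same pid (as the sample does for pid 4188) is what turns two weak hits into a case worth opening.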

