ONE Sentinel

Security/THREATS/HIGH

Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2

Source: The Hacker News
April 24, 2026

EXECUTIVE SUMMARY

Tropic Trooper Uses Trojanized SumatraPDF to Deploy AdaptixC2 via GitHub

Summary

A new cyber campaign targets Chinese-speaking individuals with a trojanized version of SumatraPDF that deploys the AdaptixC2 Beacon. Deploying the beacon facilitates the misuse of Microsoft Visual Studio Code tunnels for remote access.

Key Points

  • The campaign was discovered by Zscaler ThreatLabz last month.
  • It is attributed to the Tropic Trooper group with high confidence.
  • The attack involves a trojanized SumatraPDF reader.
  • AdaptixC2 Beacon is used as a post-exploitation agent.
  • Microsoft Visual Studio Code tunnels are abused for remote access.

Analysis

This campaign highlights the evolving tactics of threat actors like Tropic Trooper, who leverage legitimate software and services to conduct their operations. The use of a trojanized SumatraPDF reader and of GitHub for deployment shows how such campaigns gain stealth by hiding behind trusted tools and platforms, and why IT professionals need to stay vigilant.

Conclusion

IT professionals should ensure that software is sourced from trusted vendors and regularly updated. Monitoring for unusual activity, especially involving legitimate applications, is crucial to mitigate such threats.
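
The monitoring advice above, applied to the Visual Studio Code tunnel abuse named in the key points, as an added example that is not from the article or from Zscaler ThreatLabz. It triages process-creation events for the VS Code CLI `tunnel` subcommand; the event field names, the approved-host list, the install-path markers and the sample events are all assumptions made for illustration.

```python
import shlex
from pathlib import PureWindowsPath

# Assumptions, not from the article: event field names, the approved-host list
# and the install-path markers are placeholders for your own environment.
VSCODE_CLI_NAMES = {"code.exe", "code-insiders.exe", "code-tunnel.exe"}
APPROVED_TUNNEL_HOSTS = {"DEV-WS-01"}
INSTALL_MARKERS = ("c:\\program files\\microsoft vs code\\",
                   "\\appdata\\local\\programs\\microsoft vs code\\")

def classify(event):
    """Return None, or (severity, reason) for a VS Code tunnel invocation."""
    image = event["image"].lower()
    name = PureWindowsPath(image).name
    try:
        tokens = shlex.split(event["command_line"], posix=False)
    except ValueError:  # unbalanced quotes in the logged command line
        tokens = event["command_line"].split()
    args = [t.strip('"').lower() for t in tokens[1:]]
    if name not in VSCODE_CLI_NAMES:
        return None  # a renamed binary needs hash or signer data to catch
    if name != "code-tunnel.exe" and "tunnel" not in args:
        return None  # ordinary editor launch
    if not any(marker in image for marker in INSTALL_MARKERS):
        return ("high", "VS Code CLI running from a non-standard path")
    if event["host"].upper() not in APPROVED_TUNNEL_HOSTS:
        return ("medium", "tunnel started on a host not approved for it")
    return ("info", "tunnel on an approved host")

SAMPLE_EVENTS = [  # constructed for illustration, not taken from the campaign
    {"host": "DEV-WS-01",
     "image": r"C:\Program Files\Microsoft VS Code\Code.exe",
     "command_line": r'"C:\Program Files\Microsoft VS Code\Code.exe" tunnel'},
    {"host": "FIN-LT-22",
     "image": r"C:\Users\alice\AppData\Local\Programs\Microsoft VS Code\Code.exe",
     "command_line": r'"C:\Users\alice\AppData\Local\Programs\Microsoft VS Code\Code.exe" tunnel'},
    {"host": "FIN-LT-22",
     "image": r"C:\ProgramData\cache\code.exe",
     "command_line": r"C:\ProgramData\cache\code.exe tunnel"},
    {"host": "FIN-LT-22",
     "image": r"C:\Program Files\Microsoft VS Code\Code.exe",
     "command_line": r'"C:\Program Files\Microsoft VS Code\Code.exe" C:\notes\todo.txt'},
]

def triage(events):
    return [(classify(e) or (None,))[0] for e in events]

if __name__ == "__main__":
    for event, severity in zip(SAMPLE_EVENTS, triage(SAMPLE_EVENTS)):
        print(severity, event["host"], event["image"])
```

Matching on the image name alone misses a renamed CLI binary, so pair this check with signer or hash data where the telemetry provides it.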