Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2

DEV Community·Mark0·about 1 month ago

The Tropic Trooper (APT23) threat group is currently targeting Chinese-speaking individuals across East Asia with a trojanized SumatraPDF reader. The campaign uses the TOSHIS loader to deploy the AdaptixC2 Beacon, the agent of the AdaptixC2 post-exploitation framework, which in this campaign uses GitHub as its command-and-control (C2) infrastructure so that tasking blends in with ordinary traffic to a trusted service.

Once a high-value target is compromised, the attackers establish remote access by abusing Microsoft Visual Studio Code tunnels. The multi-stage intrusion also involves military-themed document lures and the delivery of secondary payloads such as EntryShell and Cobalt Strike, highlighting the group's shift toward newer, publicly available backdoors for its operations.
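The two behaviours in the summary that a defender can hunt for on the endpoint are a document reader launching tooling it has no business launching, and the VS Code CLI being started in tunnel mode. The script below is an added example, not code from the article or from any of the tools it names: it runs three simple rules over a handful of constructed process-creation records (the event schema, the process names, the allowlist and every sample record are assumptions made for this illustration, not indicators from the report) and returns which rules each record triggers.

```python
"""Toy detection pass over constructed endpoint telemetry (added example).

Rules, each an assumption a defender would tune for their own estate:
  doc_reader_spawns_tool  - a PDF/Office reader spawned a scripting or tunnel binary
  vscode_tunnel_started   - the VS Code CLI was launched with the `tunnel` subcommand
  unexpected_github_egress - a process outside a small allowlist contacted GitHub
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    parent: str     # parent image name
    image: str      # child image name
    cmdline: str    # child command line
    dest_host: str  # first outbound host contacted by the child, or "" if none


# Document readers that should not normally spawn scripting or tunnel tooling (assumed set).
DOC_READERS = {"sumatrapdf.exe", "acrord32.exe", "winword.exe"}
# Children that are suspicious when launched by a document reader (assumed set).
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "rundll32.exe", "mshta.exe", "code.exe"}
# Processes that legitimately talk to GitHub on this (hypothetical) estate.
GITHUB_ALLOWED = {"git.exe", "chrome.exe", "msedge.exe", "firefox.exe", "code.exe"}


def _is_github(host: str) -> bool:
    """True for github.com and its content/API subdomains."""
    h = host.lower()
    return h == "github.com" or h.endswith(".github.com") or h.endswith(".githubusercontent.com")


def classify(ev: ProcEvent) -> list[str]:
    """Return the names of the rules this event matches, in rule order (empty if benign)."""
    hits: list[str] = []
    parent, image, cmd = ev.parent.lower(), ev.image.lower(), ev.cmdline.lower()
    if parent in DOC_READERS and image in SUSPICIOUS_CHILDREN:
        hits.append("doc_reader_spawns_tool")
    # `code tunnel` is the real VS Code CLI subcommand that exposes a host via a tunnel.
    if image in {"code.exe", "code"} and " tunnel" in cmd:
        hits.append("vscode_tunnel_started")
    if ev.dest_host and _is_github(ev.dest_host) and image not in GITHUB_ALLOWED:
        hits.append("unexpected_github_egress")
    return hits


def scan(events: list[ProcEvent]) -> dict[str, list[str]]:
    """Map the image name of every flagged event to the rules it triggered."""
    findings: dict[str, list[str]] = {}
    for ev in events:
        hits = classify(ev)
        if hits:
            findings[ev.image] = hits
    return findings


# Constructed sample telemetry; none of these values come from the report.
SAMPLE = [
    ProcEvent("explorer.exe", "SumatraPDF.exe", "SumatraPDF.exe brief.pdf", ""),
    ProcEvent("SumatraPDF.exe", "rundll32.exe",
              "rundll32.exe C:\\Users\\u\\AppData\\Local\\Temp\\x.dll,Run", "api.github.com"),
    ProcEvent("rundll32.exe", "code.exe", "code.exe tunnel", "tunnel-service.example"),
    ProcEvent("explorer.exe", "git.exe", "git.exe fetch origin", "github.com"),
]

if __name__ == "__main__":
    for image, rules in scan(SAMPLE).items():
        print(f"{image}: {', '.join(rules)}")
```

The reader process itself and the ordinary `git fetch` produce no findings; the reader-spawned `rundll32.exe` that reaches out to GitHub trips two rules, and the tunnel launch trips the third. In a real deployment the allowlist would be populated from a baseline of the estate's own GitHub-talking processes rather than the guessed set above.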
