Tropic Trooper spies on government entities in the Middle East
Essential information
- Published
- 05/09/2024 15:54
- Modified
- 05/09/2024 16:17
- Tags
- 2024-09-05 bypassgodzilla china chopper crowdoor fscan neo-regeorg swor umbraco cms web shell
- Related entities
- 7 observables, 1 intrusion sets (apt), 19 techniques (mitre), 5 malware, 2 others
Description
Tropic Trooper, a Chinese-speaking APT group active since 2011, has expanded its operations to target government entities in the Middle East. The group deployed a new variant of the China Chopper web shell on a compromised Umbraco CMS server, along with other post-exploitation tools and backdoor implants. The attackers used DLL search-order hijacking to load malicious payloads, including a loader called Crowdoor. The campaign focused on cyber espionage, targeting systems related to human rights studies in the region. This marks a strategic shift for Tropic Trooper, previously known for targeting Southeast Asian countries.