Threat Actors Actively Using Open-Source C2 Framework to Deliver Malicious Payloads

Source: Cyber Security News

The AdaptixC2 framework, originally built for legitimate red team operations, has been repurposed by advanced threat actors for use in global ransomware campaigns. Security researchers at Silent Push reported a rise in AdaptixC2 deployments, with the malicious payloads primarily linked to operations such as CountLoader. Since March 2023, abuse of the framework has been tied to the compromise of over 250 organizations and an estimated $42 million in ransom claims.

The framework’s flexibility and multi-platform support make it an attractive tool for attackers seeking persistent control over compromised systems. It supports several listener types, which complicates detection. Investigations into the origins of AdaptixC2 also revealed ties to the Russian underground: its lead developer, known as RalfHacker, manages the project through a Russian-language Telegram sales channel. The case illustrates how tooling built for legitimate security work is turned to malicious ends and underscores the evolving threat landscape.

👉 Read the original: Cyber Security News