
"Palo Alto Networks Unit 42, which broke down the technical aspects of the framework last month, characterized it as a modular and versatile framework that can be used to "comprehensively control impacted machines," and that it has been put to use as part of fake help desk support call scams via Microsoft Teams and through an artificial intelligence (AI)-generated PowerShell script."
"AdaptixC2 is an emerging extensible post-exploitation and adversarial emulation framework designed for penetration testing. While the server component is written in Golang, the GUI Client is written in C++ QT for cross-platform compatibility. It comes with a wide range of features, including fully encrypted communications, command execution, credential and screenshot managers, and a remote terminal, among others. An early iteration was publicly released by a GitHub user named "RalfHacker" (@HackerRalf on X) in August 2024, who describes themselves as a penetration tester, red team operator, and "MalDev" (short for malware developer)."
AdaptixC2 is an open-source, extensible post-exploitation and adversarial emulation framework built for penetration testing. The server component is written in Golang and the GUI client in C++ with Qt for cross-platform compatibility. Core features include fully encrypted communications, remote command execution, credential and screenshot managers, and a remote terminal. An early public release appeared in August 2024 under the GitHub account "RalfHacker". The framework has since been adopted by multiple threat actors, including groups tied to Fog and Akira ransomware, and by an initial access broker using CountLoader. Unit 42 described the framework as modular and capable of comprehensively controlling impacted machines, and reported its use in fake help-desk support call scams conducted over Microsoft Teams and in an AI-generated PowerShell script. Silent Push correlated the GitHub account with email addresses and a Telegram channel.
Read at The Hacker News