Tropic Trooper spies on government entities in the Middle East

Tropic Trooper, a Chinese-speaking APT group active since 2011, has expanded its operations to target government entities in the Middle East. The group deployed a new variant of the China Chopper web shell on a compromised Umbraco CMS server, along with other post-exploitation tools and backdoor implants. The attackers used DLL search-order hijacking to load malicious payloads, including a loader called Crowdoor. The campaign focused on cyber espionage, targeting systems related to human rights studies in the region. This marks a strategic shift for Tropic Trooper, previously known for targeting Southeast Asian countries.