Dark Web Profile: Tropic Trooper (APT23)
The cyberespionage group Tropic Trooper, also known as APT23, Earth Centaur, KeyBoy, and Pirate Panda, has expanded its operations since June 2023 to target Middle Eastern government entities and human rights organizations, particularly those focused on the Israel-Hamas conflict. Having historically attacked sectors in Taiwan, Hong Kong, and the Philippines, the group has employed advanced tactics, including DLL side-loading, encrypted web shells, and obfuscation methods such as Base64 encoding and RC4, to deploy malware such as the China Chopper web shell and the Crowdoor loader. Kaspersky researchers have documented the group's exploitation of vulnerabilities in platforms like Microsoft Exchange and Adobe ColdFusion, enabling lateral movement and persistent access to targeted networks. Tropic Trooper's campaign demonstrates a strategic interest in politically sensitive data, using sophisticated malware variants and constantly evolving techniques to evade detection. These findings underscore the importance of robust cybersecurity measures and continuous monitoring to defend against such advanced persistent threats.