AdaptixC2: A New Open-Source Framework Leveraged in Real-World Attacks
Summary
Researchers have been studying the 'AdaptixC2' open-source post-exploitation and adversary emulation framework, designed for penetration testing, to understand how malicious actors can turn it against enterprises.
Palo Alto Networks reports that the framework gives an operator comprehensive control of a compromised machine, enabling a wide range of actions, and supports Beacon Object Files (BOFs), small custom programs written in C that execute directly within the agent's process to evade detection.
The framework is increasingly being used by attackers to steal data from compromised networks, and its configuration is embedded within the agent code in encrypted form.
Security defences that can detect and prevent malware actions using machine learning can help to combat this threat.
Threat actors are using various tactics to deploy the AdaptixC2 beacon, including a multi-stage PowerShell loader that downloads an encoded and encrypted payload from a legitimate service and decrypts it in memory to avoid leaving a footprint on disk.
Built-in system functionalities are used to execute shellcode for efficiency and stealth.
PowerShell scripts are used to execute the AdaptixC2 beacon both through in-memory shellcode injection and file-based DLL hijacking persistence mechanisms.