Supply Chain Attack on SumatraPDF Targeting Chinese Users
A sophisticated supply‑chain intrusion discovered by Zscaler ThreatLabz weaponizes a tampered SumatraPDF binary, uses a custom AdaptixC2 beacon hidden in GitHub, and leverages Visual Studio Code tunnels to gain persistent remote access on Chinese‑language systems.
Event Overview
On 12 March 2026 Zscaler ThreatLabz first observed a supply‑chain attack in which a malicious ZIP archive contained decoy documents with military‑themed filenames (e.g., CECC昆山元宇宙产业基地建设方案(20230325).docx, 美英与美澳核潜艇合作的比较分析(2025).exe). The archive’s true payload is the tampered SumatraPDF executable, renamed to the .exe filename above. When the victim runs the file, a benign PDF is displayed while a backdoor runs silently in the background.
The operation is attributed to the APT group Tropic Trooper (also known as Earth Centaur or Pirate Panda), active since 2011 and previously focused on government, healthcare, transportation, and high‑tech sectors. This campaign expands the target set to Chinese‑language users in Taiwan and also reaches individuals and entities in Korea and Japan.
Four‑Step Attack Chain
Step 1 – Disguise
Tropic Trooper weaponizes the open‑source SumatraPDF binary by embedding a backdoor. The malicious SumatraPDF.exe is renamed to look like a plausible document about AUKUS nuclear‑submarine cooperation. Execution shows the expected PDF to the user while the embedded backdoor runs silently.
Step 2 – Hidden Loader
The altered SumatraPDF hijacks control flow and loads a component named TOSHIS loader. In memory the loader decrypts and executes the next payload: an AdaptixC2 Beacon agent that establishes an initial foothold on the victim host.
Step 3 – Silent Persistence and Selection
The Beacon first queries ipinfo.io to obtain its external IP address. It then contacts a fake GitHub repository, exchanging commands via GitHub Issues and uploading exfiltrated data to the repository. This traffic blends with normal developer activity, making it difficult for traditional network monitoring to flag.
Step 4 – Targeted Strike
After assessing the host’s value, the Beacon downloads and installs Visual Studio Code. Using VS Code’s built‑in “Tunnels” feature, it creates an encrypted, persistent remote‑access channel that traverses Microsoft’s infrastructure, granting the attackers full control for lateral movement and data theft.
Technical Deep‑Dive
C2 Innovation – GitHub as Relay
Instead of typical social‑media or cloud‑storage C2 channels, Tropic Trooper creates a dedicated GitHub account and repository. The Beacon’s communication is hidden inside normal Git operations: it posts commands as Issues and writes exfiltrated data as repository commits. From the network perspective this appears as routine code pushes and pulls.
VS Code Tunnels as Trojan Horse
VS Code Tunnels, designed for secure remote collaboration, encrypts traffic and routes it through Microsoft’s backend. Because endpoint‑detection‑and‑response (EDR) solutions commonly whitelist code.exe, tunnel creation generates no alerts, allowing the malicious channel to blend with legitimate Microsoft traffic.
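As an added defender‑side example (not part of the Zscaler report, with assumed telemetry field names and constructed sample events), the following Python correlates process and DNS events to surface the chain described in the two sections above: an external‑IP lookup, GitHub traffic from a process that is not a developer tool, and a `code.exe tunnel` child spawned by that same process. The alert keys on the launching parent rather than on the code.exe image, which is exactly the gap an image‑name whitelist leaves open.

```python
"""Hunt logic for the GitHub-relay / VS Code tunnel chain (constructed telemetry).

Event tuple layout is an assumption, not any EDR vendor's schema:
    (host, pid, parent_pid, event_type, detail)
event_type is "process" (detail = command line) or "dns" (detail = queried name).
"""

# Constructed sample events: WS01 shows the malicious chain, DEV02 is a
# developer legitimately pushing to GitHub and opening a tunnel from explorer.
SAMPLE_EVENTS = [
    ("WS01", 4120, 900, "process", r"C:\Users\u\Downloads\美英与美澳核潜艇合作的比较分析(2025).exe"),
    ("WS01", 4120, 900, "dns", "ipinfo.io"),
    ("WS01", 4120, 900, "dns", "api.github.com"),
    ("WS01", 5300, 4120, "process", r"C:\Program Files\Microsoft VS Code\code.exe tunnel --accept-server-license-terms"),
    ("DEV02", 2200, 1500, "process", r"C:\Program Files\Git\cmd\git.exe push origin main"),
    ("DEV02", 2200, 1500, "dns", "api.github.com"),
    ("DEV02", 2700, 1500, "process", r"C:\Program Files\Microsoft VS Code\code.exe tunnel"),
]

# Processes for which GitHub traffic is expected (assumed baseline for the example).
DEV_TOOLS = ("git.exe", "code.exe", "devenv.exe", "chrome.exe", "msedge.exe", "firefox.exe")


def is_dev_tool(cmdline):
    """True if the command line belongs to a tool that normally talks to GitHub."""
    return any(tool in cmdline.lower() for tool in DEV_TOOLS)


def analyze(events):
    """Return {host: [(pid, cmdline, sorted_flags)]} for processes matching >= 2 chain indicators."""
    procs = {}  # (host, pid) -> {"cmd", "ppid", "flags"}
    for host, pid, ppid, etype, detail in events:
        proc = procs.setdefault((host, pid), {"cmd": "?", "ppid": ppid, "flags": set()})
        if etype == "process":
            proc["cmd"] = detail
            # A tunnel launch is only suspicious when its parent is not a developer tool.
            if "code.exe" in detail.lower() and " tunnel" in detail.lower():
                parent = procs.get((host, ppid))
                if parent and not is_dev_tool(parent["cmd"]):
                    parent["flags"].add("vscode_tunnel_child")
        elif etype == "dns":
            if detail == "ipinfo.io":
                proc["flags"].add("external_ip_lookup")
            elif detail.endswith("github.com") and not is_dev_tool(proc["cmd"]):
                proc["flags"].add("github_from_nondev_process")
    findings = {}
    for (host, pid), proc in procs.items():
        if len(proc["flags"]) >= 2:
            findings.setdefault(host, []).append((pid, proc["cmd"], sorted(proc["flags"])))
    return findings


if __name__ == "__main__":
    for host, hits in analyze(SAMPLE_EVENTS).items():
        for pid, cmd, flags in hits:
            print(f"{host}: pid {pid} {cmd!r} -> {', '.join(flags)}")
```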
Toolset Evolution – Embracing Open‑Source Frameworks
Compared with earlier use of Cobalt Strike Beacon and Mythic Merlin, this campaign relies on the open‑source AdaptixC2 framework, increasing variant diversity and complicating attribution. The backdoor also incorporates the group’s signature EntryShell payload and a Cobalt Strike Beacon bearing a “520” watermark, confirming the actor’s identity.
Black & White Path