Overview
- Silent Push published a detailed analysis tying recent CountLoader activity to deployments of the open‑source AdaptixC2 in active ransomware operations.
- Researchers reported a measurable uptick in AdaptixC2 sightings after new detection signatures were introduced and shared with the community.
- Threat actors linked to the Akira and Fog ransomware operations, along with an initial access broker, were observed incorporating AdaptixC2 into intrusion chains.
- AdaptixC2 features a Golang server and a C++/Qt client that runs on Linux, Windows and macOS, making it a versatile post‑exploitation platform for both testers and criminals.
- Investigators associated the developer alias “RalfHacker” with GitHub accounts and Russian‑language Telegram promotion. They assessed these ties as notable, with moderate confidence, but did not confirm direct involvement in attacks.
 
  
 