A recently uncovered campaign targets Chinese-speaking individuals with a trojanized version of the SumatraPDF reader, which deploys the AdaptixC2 Beacon post-exploitation agent. This agent enables attackers to exploit Microsoft Visual Studio Code tunnels for remote access. The campaign, attributed with high confidence to Tropic Trooper, was discovered by Zscaler ThreatLabz last month. The use of trojanized software and exploitation of legitimate tools like VS Code tunnels underscores the evolving tactics of state-aligned threat actors. The involvement of Microsoft products in this campaign shifts the threat model from traditional criminal activity to geopolitical motivations, requiring a distinct approach to mitigation and defense. This campaign's sophistication and use of legitimate tools to gain remote access make it a significant concern for practitioners, as it highlights the need for vigilance in securing software supply chains and legitimate tools from exploitation.