AdaptixC2 Framework Abused in Ransomware Operations
Summary
AdaptixC2, a legitimate adversarial emulation framework, is being actively exploited by ransomware groups to deliver malicious payloads. The tool, originally designed for penetration testing, has been observed in ransomware operations worldwide, particularly after new detection signatures were released. The framework is linked to CountLoader, a malware loader, and has been used by the Akira ransomware group, which has breached over 250 organizations since 2023. The developer of AdaptixC2, known by the alias 'RalfHacker,' is under scrutiny due to potential ties to cybercriminal activities.
Timeline
- 30.10.2025 18:00 (1 article): AdaptixC2 Framework Abused in Ransomware Operations
- Threat Actors Utilize AdaptixC2 for Malicious Payload Delivery — www.infosecurity-magazine.com — 30.10.2025 18:00
Information Snippets
- AdaptixC2 is an extensible post-exploitation platform with a Golang-based server and a GUI built in C++ and Qt for cross-platform use.
  First reported: 30.10.2025 18:00 (1 source, 1 article)
- Threat Actors Utilize AdaptixC2 for Malicious Payload Delivery — www.infosecurity-magazine.com — 30.10.2025 18:00
- AdaptixC2 is being used by ransomware groups, including Akira, which has breached over 250 organizations since 2023.
  First reported: 30.10.2025 18:00 (1 source, 1 article)
- Threat Actors Utilize AdaptixC2 for Malicious Payload Delivery — www.infosecurity-magazine.com — 30.10.2025 18:00
- The tool is linked to CountLoader, a malware loader first highlighted in August 2025.
  First reported: 30.10.2025 18:00 (1 source, 1 article)
- Threat Actors Utilize AdaptixC2 for Malicious Payload Delivery — www.infosecurity-magazine.com — 30.10.2025 18:00
- The developer of AdaptixC2, 'RalfHacker,' is a penetration tester and red team operator with potential ties to cybercriminal activities.
  First reported: 30.10.2025 18:00 (1 source, 1 article)
- Threat Actors Utilize AdaptixC2 for Malicious Payload Delivery — www.infosecurity-magazine.com — 30.10.2025 18:00
- AdaptixC2 deployments increased after new detection signatures were released.
  First reported: 30.10.2025 18:00 (1 source, 1 article)
- Threat Actors Utilize AdaptixC2 for Malicious Payload Delivery — www.infosecurity-magazine.com — 30.10.2025 18:00