Tropic Trooper exploits vulnerabilities in public-facing web servers, such as Microsoft Exchange Server, to gain initial access to target networks. They leverage known vulnerabilities (like CVE-2023-26360) to establish a foothold and deploy web shells like “ByPassGodzilla” for further malicious activities.