A new report highlights TA397 (Bitter APT), an India-aligned threat group engaged in long-term espionage campaigns targeting government and diplomatic entities worldwide. Its tactics include scheduled tasks, spearphishing, and malware payloads such as BDarkRAT, and it uses tools shared within Indian cyber espionage networks.
Key points
- TA397 conducts persistent cyber espionage using scheduled tasks for access and data exfiltration.
- The group targets a broad range of international government agencies and diplomatic missions.
- Spearphishing with various file types is their primary delivery method.
- The malware payloads reveal knowledge of legitimate entities and include encoded beacon data for detection.
- Operations follow a Monday–Friday schedule aligned with Indian Standard Time, and the group shares tools with other Indian threat actors.