Qianxin Threat Intelligence has uncovered new cyber-espionage campaigns linked to the Bitter APT group, targeting government and military entities in Asia with novel C# backdoors. The attacks use macro-based infections and WinRAR exploits, with infrastructure connected to previous regional APT activities. #BitterAPT #QianxinThreatCenter
Key points
- The Bitter APT group is conducting targeted cyber-espionage in China, Pakistan, and surrounding nations.
- The malware deployment involves malicious Office macros and WinRAR vulnerabilities for infection.
- The attackers leverage disguised Excel add-ins and infected RAR archives to deploy a C# backdoor.
- The backdoor collects device info, downloads payloads, and communicates over HTTPS with control servers.
- Infrastructure overlaps with previous espionage campaigns like Craneflower, indicating shared resources among APTs.
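The lure described above is an Office file carrying VBA macros that is presented as something else (a disguised Excel add-in). A simple triage step that defenders can run on mail-gateway or sandbox samples is to identify the real container format from its magic bytes, check whether an OOXML container carries a vbaProject.bin part, and flag files whose extension does not match what is inside. The following is an added example, not Qianxin's code and not tied to any real sample from the report; the sample files it inspects are constructed in memory, and the extension lists and finding names are my own assumptions.

```python
"""Triage helper: flag Office files that carry VBA macros or whose declared
extension does not match the container format.

Added example (not from the Qianxin report). The sample files are constructed
in memory to mimic a macro-bearing Excel add-in delivered under a misleading name.
"""
import io
import os
import zipfile

OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"   # legacy binary Office container (.xls/.doc/.xla)
ZIP_MAGIC = b"PK\x03\x04"                          # OOXML container (.xlsx/.xlsm/.xlam/.docx ...)

# Assumed extension sets for the mismatch checks (not exhaustive).
MACRO_EXTS = {".xlam", ".xlsm", ".xla", ".docm", ".dotm", ".pptm"}
OFFICE_EXTS = MACRO_EXTS | {".xlsx", ".xls", ".docx", ".doc", ".pptx", ".ppt"}


def container_type(data: bytes) -> str:
    """Classify a file by its leading bytes rather than by its name."""
    if data.startswith(OLE_MAGIC):
        return "ole"
    if data.startswith(ZIP_MAGIC):
        return "ooxml"
    return "unknown"


def has_vba_project(data: bytes) -> bool:
    """True if an OOXML container holds a vbaProject.bin part, i.e. VBA macros."""
    if container_type(data) != "ooxml":
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.lower().endswith("vbaproject.bin") for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def triage(filename: str, data: bytes) -> dict:
    """Return the container type, macro presence and a list of findings for one file."""
    ext = os.path.splitext(filename)[1].lower()
    ctype = container_type(data)
    macros = has_vba_project(data)
    findings = []
    if macros:
        findings.append("vba-macros")
    # Macros inside a file whose extension claims to be macro-free (e.g. .xlsx, .xls)
    if macros and ext not in MACRO_EXTS:
        findings.append("macros-in-non-macro-extension")
    # An Office container hiding behind a non-Office extension (e.g. .pdf, .txt)
    if ctype in ("ole", "ooxml") and ext not in OFFICE_EXTS:
        findings.append("office-container-with-foreign-extension")
    return {"file": filename, "container": ctype, "macros": macros, "findings": findings}


def make_ooxml(with_macros: bool) -> bytes:
    """Build a minimal constructed OOXML workbook in memory for demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macros:
            zf.writestr("xl/vbaProject.bin", b"\x00constructed-stub")  # stand-in for a VBA project
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples: a macro-bearing workbook under a misleading .xls name,
    # a clean .xlsx, and the same macro workbook passed off as a PDF.
    samples = {
        "quarterly_report.xls": make_ooxml(True),
        "budget.xlsx": make_ooxml(False),
        "invoice.pdf": make_ooxml(True),
    }
    for name, blob in samples.items():
        print(triage(name, blob))
```

Running the block prints one triage record per constructed sample; in practice the same function is applied to attachments or sandbox drops, and any file with findings is held for analyst review regardless of what its name claims.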