Threat Intelligence
Expanding Bitter APT operation exposed

More expansive cyberespionage campaigns have been launched by the advanced persistent threat operation Bitter, which has been associated with the Indian government based on infrastructure-related activity, The Hacker News reports. Aside from deploying spear-phishing attacks involving the impersonation of Bangladeshi, Pakistani, Chinese, and South Korean governments and diplomatic entities, Bitter, also known as TA397, APT-C-08, Orange Yali, and Hazy Tiger, has also conducted malicious intrusions aimed at facilitating compromise with KugelBlitz and BDarkRAT payloads, according to a joint analysis by Proofpoint and Threatray. Additional findings revealed that Bitter has been leveraging a plethora of tools in its attacks, including ArtraDownloader, which downloads the system data-gathering WSCSPL backdoor, the Almond RAT and MuuyDownloader trojans, the ORPCBackdoor, and the KiwiStealer information-stealing malware. ORPCBackdoor was previously linked to the Mysterious Elephant threat actor, which was reported by the Knownsec 404 Team to have been associated with Indian threat operations SideWinder and Confucius.