HackRead reports that novel tactics have been leveraged by South Asian advanced persistent threat operation Bitter to compromise government, military, and power utility entities in China and Pakistan with information-stealing malware.Bitter has used a custom Microsoft Office .xlam file to activate a macro that then exploits local computer tools to launch a C# backdoor, which facilitates remote download and execution of nefarious software on targeted devices, according to a Qianxin Threat Intelligence Centre analysis. Such a backdoor has also been distributed by Bitter through a more clandestine method involving an illicit RAR archive that abuses an unpatched WinRAR security issue."The above two attacks ultimately use the same C# backdoor, and the C&C server of the backdoor communication points to the sub-domain of esanojinjasvc.com, which was registered in April this year, so we can assume that these samples come from the same attack group," said researchers, who recommended the use of updated WinRAR software, macro deactivation, and network traffic monitoring to mitigate the threat.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




