Threat Intelligence, Malware

Two-pronged approach leveraged by Bitter APT in new backdoor intrusions

HackRead reports that novel tactics have been leveraged by South Asian advanced persistent threat operation Bitter to compromise government, military, and power utility entities in China and Pakistan with information-stealing malware.

Bitter has used a custom Microsoft Office .xlam file to activate a macro that then exploits local computer tools to launch a C# backdoor, which facilitates remote download and execution of nefarious software on targeted devices, according to a Qianxin Threat Intelligence Centre analysis. Such a backdoor has also been distributed by Bitter through a more clandestine method involving an illicit RAR archive that abuses an unpatched WinRAR security issue.

"The above two attacks ultimately use the same C# backdoor, and the C&C server of the backdoor communication points to the sub-domain of esanojinjasvc.com, which was registered in April this year, so we can assume that these samples come from the same attack group," said researchers, who recommended the use of updated WinRAR software, macro deactivation, and network traffic monitoring to mitigate the threat.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds