The article discusses a joint analysis by Proofpoint and Threatray of a state-backed hacking group known as Bitter (tracked by Proofpoint as TA397). The group is believed to focus primarily on intelligence gathering relevant to the Indian government. Its operations rely on a varied toolset and target a narrow set of entities, including governments and defense organizations in South Asia, with signs of expanding activity into Turkey and other regions. Attacks typically begin with spear-phishing emails, sent from a variety of email domains, that deliver malware as attachments and often masquerade as official communications from other nations' governments.
The threat actor known as Bitter has been assessed to be a state-backed hacking group that's tasked with gathering intelligence that aligns with the interests of the Indian government.
Their diverse toolset shows consistent coding patterns across malware families, particularly in system information gathering and string obfuscation.
Bitter frequently singles out an exceedingly small subset of targets...aimed at governments, diplomatic entities, and defense organizations for intelligence collection.
It is clear that TA397 has no qualms with masquerading as other countries' governments, including Indian allies.