A persistent threat actor from the South Asia region has been observed by security researchers targeting the nuclear energy sector in China. Security firm Intezer detailed the cyberespionage campaign purported by a threat group dubbed ‘Bitter.’ The group has been active since t least 2021 and is known for targeting of energy and government organizations in Asia including those in Bangladesh, China, Pakistan, and Saudi Arabia. The group leverages Excel exploits and Microsoft Compiled HTML Help and Windows Installer files.
The group was recently observed using updated first-stage payloads in the campaign. The updated payloads add an extra layer of obfuscation, security researchers say. The Bitter APT targeted recipients in China’s nuclear energy industry by delivering phishing emails to employees impersonating the embassy of Kyrgyzstan in China.
Read More: China’s Nuclear Energy Sector Targeted in Cyberespionage Campaign