Security experts from SecuInfra have issued an advisory on an Advanced Persistent Threat group named ‘Bitter’. The advisory states that the said hacking group has launched consistent hacking campaigns belonging to Bangladesh Military to conduct espionage and steal classical info.
SecuInfras findings were based on another report of Cisco Talos that was released in May 2022 and it confirmed digital attacks on several Bangladesh government organizations to take control of their networks.
All such attacks take place through email phishing campaigns. And the latest detected by the experts was no exception.
Technically, security researchers found that the email, when opened, will take the advantage of a Microsoft Equation Editor exploit to induce a payload called ZxxZ remotely. This code then uses Visual C++ and allows threat actors to deploy additional malware.
Details on who is funding BITTER and from where these threat group is operating is yet to be known. But an analysis conducted by Cisco Talos a month back gained insights that the group was being funded by a terror group operating in Asia and has the potential to stay anonymous to avoid existing detection.
NOTE- In the past few months, especially after the COVID-induced lockdown, when most of the corporate work was been done from home, such threat actor groups sprouted from everywhere. Their primary aim was to trap such WFH employees and gain monetary benefits, either by threatening them or stealing their data and selling it on the dark web. So, it is better if employees and the company’s IT teams stay vigilant about these hacking groups and take the steps to mitigate risks.
