Bitter, also known as T-APT-17, is a suspected South Asian threat actor involved in cyber espionage. Since August 2021, Cisco Talos has observed the Bitter APT group operating an ongoing campaign that targets Bangladeshi government personnel with spear-phishing emails. Similarities between the C2 server in this campaign and that of Bitter's previous campaign suggest, with moderate confidence, that the Bitter APT group operates this campaign. The group poses a significant cybersecurity threat through its focused attacks on governmental entities.
The operations of Bitter have had a widespread impact, including sparking renewed fears of Russian attacks on critical infrastructure. In a state-of-the-nation speech, Putin announced his unchanging strategy in the war in Ukraine, adding to the tension caused by the threat actor. Historical events such as the invasion of South Korea by Kim Il Sung in 1950 and the subsequent bitter conflict have also been associated with the actions of this threat actor, highlighting the long-standing nature of their activities.
However, the activities of Bitter are not limited to geopolitical conflicts. They have also been linked to online controversies, such as the dispute over WP Engine's WordPress services and incidents of doxxing within the domme community. These instances demonstrate the diverse range of targets and tactics used by Bitter, underlining the need for comprehensive cybersecurity measures across different sectors and online communities.
Description last updated: 2024-10-15T19:15:36.204Z