BITTER

Threat Actor Profile Updated 3 months ago
Bitter, also known as T-APT-17, is a suspected South Asian threat actor that has been involved in various cyber campaigns. The group has been active since at least August 2021, and its operations have primarily targeted government personnel in Bangladesh through spear-phishing emails. Similarities between the C2 server used in this campaign and those of Bitter's previous activity suggest a consistent pattern of behavior and give moderate confidence that these actions are conducted by the Bitter APT group.

Bitter's operations have wider geopolitical implications: their activity coincides with a period of heightened tensions and conflicts worldwide, such as the ongoing war in Ukraine and past conflicts like the Korean War of the 1950s. This context suggests that Bitter, like other threat actors, may be exploiting global instability to advance its objectives, although a direct connection between Bitter's activity and these geopolitical events is not established by the available information. Beyond its technical capabilities, Bitter's operations underscore the broader challenges posed by disinformation and manipulation in the digital age. Accusations of media disinformation, election manipulation, and crackdowns on political dissent reflect the complex and multifaceted nature of the threats posed by entities like Bitter. Countering such actors therefore requires not only robust cybersecurity measures but also efforts to promote transparency, accountability, and resilience in digital information ecosystems.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID (votes): Profile Description

Bisonal (1 vote): Bisonal is a multifunctional malware that has been in use for over a decade by the Tonto Team, a Chinese government-aligned Advanced Persistent Threat (APT) group. This malicious software is known for its extensive capabilities including process and file information harvesting, command and file exec

T-APT-17 (1 vote): None

Sidewinder (1 vote): The Sidewinder threat actor group, also known as Rattlesnake, BabyElephant, APT Q4, APT Q39, Hardcore Nationalist, HN2, RAZOR Tiger, and GroupA21, is a significant cybersecurity concern with a history of malicious activities dating back to 2012. This report investigates a recent campaign by Sidewind

Confucius (1 vote): Confucius is a threat actor primarily involved in cyberespionage campaigns, with notable activities against Pakistan since 2013. The group has been linked to the India-Pakistan conflict and has been identified as using novel Android spyware, Hornbill and SunBird, to scrape call logs and WhatsApp mes
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Phishing
Exploit
Payload
Nuclear
Espionage
Rat
Downloader
Ukraine
Eu
Malware
Ukraine’s
Ransomware
China
India
Cloudzy
Spyware
Zero Day
Fraud
Israel
Government
Russia
Curl
Korean
Iran
Japan
Cisco
Nsa
Associated Malware
ID (type, votes): Profile Description

KONNI (Unspecified, 1 vote): Konni is a malware, short for malicious software, that poses a significant threat to computer systems and data. It's designed to infiltrate systems surreptitiously through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Konni can wreak havoc by stealin

Avenger (Unspecified, 1 vote): The Avenger is a notorious malware, a malicious software designed to exploit and damage computer systems. It can infiltrate systems through dubious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold dat

BISCUIT (Unspecified, 1 vote): "Biscuit" is a sophisticated malware variant that was notably used in an attack campaign titled "Operation Bitter Biscuit". This operation was first reported by AhnLab in October 2017, targeting entities in South Korea, Japan, India, and Russia. The offensive made use of the Bisonal remote access tr

ShadowPad (Unspecified, 1 vote): ShadowPad is a modular backdoor malware that has been utilized by several Chinese threat groups since at least 2017. Notably, it was used as the payload in supply chain attacks targeting South Asian governments, as reported in the VB2023 paper. ShadowPad provides near-administrative capabilities in
Associated Threat Actors
ID (type, votes): Profile Description

APT36 (Unspecified, 1 vote): APT36, also known as Transparent Tribe and Earth Karkaddan, is a notorious threat actor believed to be based in Pakistan. The group has been involved in cyberespionage activities primarily targeting India, with a focus on government, military, defense, aerospace, and education sectors. Their campaig

Tonto Team (Unspecified, 1 vote): Tonto Team is a Chinese government-aligned Advanced Persistent Threat (APT) group, recognized for its malicious cyber activities. The team has been active for over a decade, utilizing various types of malware, notably the Bisonal and ShadowPad backdoors, in campaigns against entities in Japan, Russi

Kimsuky (Unspecified, 1 vote): Kimsuky is a North Korea-linked advanced persistent threat (APT) group that conducts global cyber-attacks to gather intelligence for the North Korean government. The group has been identified as a significant threat actor, executing actions with malicious intent, and has recently targeted victims vi

TA505 (Unspecified, 1 vote): TA505, also known as Cl0p Ransomware Gang and Lace Tempest, is a highly active and sophisticated cybercriminal group. The group has been associated with various high-profile cyber-attacks, demonstrating adaptability through a multi-vector approach to their operations. In June 2023, the U.S. Cybersec

Bluenoroff (Unspecified, 1 vote): BlueNoroff, a threat actor closely associated with the notorious Lazarus Group, has been actively involved in malicious cyber activities primarily targeting financial institutions and cryptocurrency businesses. Known for its sophisticated attacks on banks, casinos, fintech companies, POST software,

FIN12 (Unspecified, 1 vote): FIN12, also known as DEV-0237 and Pistachio Tempest, is a threat actor group notorious for its malicious cyber activities. Tracked by Microsoft, this group is primarily engaged in the distribution of Hive, Conti, and Ryuk ransomware. The group has been responsible for several high-profile ransomware

Passcv (Unspecified, 1 vote): PassCV is a threat actor, or hacking team, that has been identified as part of the Chinese intelligence apparatus. This group has operated under various names including Winnti, APT17, Axiom, LEAD, BARIUM, Wicked Panda, and GREF, indicating a broad and complex network of cyber operations. The group i
Associated Vulnerabilities
ID (type, votes): Profile Description

Spectre (Unspecified, 1 vote): Spectre, also known as Spectre-BHB or branch history injection (BHI), is a software vulnerability that allows unauthorized access to sensitive data stored in the cache memory of computer systems. Discovered in 2018, it was initially dismissed by some in the semiconductor industry due to its potentia
Source Document References
Information about the BITTER Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Source (created): Title

CERT-EU (5 months ago): Pakistan Bans Visits to Jailed Ex-PM Khan Over Disputed Terror Threat
CERT-EU (5 months ago): "Wiki-Gate": Julian Assange Was Framed by the People Who Supported Him - Global Research
CERT-EU (6 months ago): In the new Cologne "Tatort" Ballauf and Schenk meet the Wolf of Wall Street - Tripoli Post
CERT-EU (6 months ago): Commentary: North Korea ramps up military rhetoric as Kim Jong Un gives up on reunification with South
CERT-EU (7 months ago): Ukraine braces for Russian winter assault on critical energy grid, telecom infrastructure
CERT-EU (7 months ago): Parliament Winter Session Live Updates Day 8: Security breach in Parliament
CERT-EU (8 months ago): Crusading attorney battles feds over Seth Rich cover-up
CERT-EU (8 months ago): Whistleblower: Massive secret censorship launched under Obama
CERT-EU (8 months ago): Not even BIDEN protected from leftist claims of 'disinformation'?
CERT-EU (8 months ago): Report: Deep Staters at Justice Department hid surveillance of Congress for YEARS
CERT-EU (8 months ago): Almost entire population of U.S. state become victims in massive data breach
CERT-EU (9 months ago): Government censors dismayed their attacks on social media get complicated
CERT-EU (9 months ago): DoNot Team's New Firebird Backdoor Hits Pakistan and Afghanistan
CERT-EU (9 months ago): Political storm over 'cash for query' allegation against TMC MP Mahua Moitra intensifies
CERT-EU (9 months ago): Transatlantic blame game: Trump, Merkel, Biden and the danger of Germany's dependence on Huawei
CERT-EU (10 months ago): Hundreds dead as Arab-Israeli conflict erupts again
CERT-EU (a year ago): Yevgeny Prigozhin, Mercenary Leader Whose Mutiny Was 'Stab In The Back' For Putin - Analysis
CERT-EU (10 months ago): Help Wanted: US Space Force
CERT-EU (a year ago): Fifty Years Since the Chilean Coup of September 11, 1973 - Global Research
Naked Security (a year ago): FBI warns about scams that lure you in as a mobile beta-tester