Operation Bitter Biscuit, as reported by AhnLab, was a malicious campaign executed by a threat actor known as the Tonto Team. The operation targeted entities in South Korea, Japan, India, and Russia; the initial report was published in October 2017. The main tools used in this cyber-attack were Bisonal and its successors, Bioazih and Dexbia, all of which are Remote Access Trojans (RATs). These RATs let the attackers remotely control and manipulate victim systems, which makes them a significant security threat.
By 2018, Operation Bitter Biscuit had escalated, focusing particularly on Korean and Japanese entities. In response, AhnLab released a detailed paper outlining the operation's tactics, techniques, and procedures. The attackers also incorporated a variant of the Bisonal RAT that was highly similar to a version previously used during the operation. This indicated a persistent and evolving threat from the same threat actor group.
Furthermore, the threat actors utilized ShadowPad in their attacks. ShadowPad is an infamous backdoor that has been linked to several high-profile cyber espionage campaigns. Its use alongside the Bisonal RAT variant heightened the severity and complexity of Operation Bitter Biscuit. Overall, the operation demonstrated the Tonto Team's sophistication and adaptability, underlining the need for continuous vigilance and advanced defense strategies in cybersecurity.
Description last updated: 2023-10-10T23:53:32.702Z