Bitter

Aliases: 2 aliases
Primary URL: Undetermined
Location: Pakistan
Industry: Defense
Profile

Bitter, also tracked as APT Bitter, is a cyber-espionage threat actor whose activity is primarily directed at military organisations in Bangladesh. Initial access is gained through spear-phishing emails carrying weaponized Excel documents that exploit a known Microsoft Office vulnerability to run code on the recipient's system. The exploit drops a second-stage implant written in Visual C++ that opens a remote access channel, which the operators use to deploy additional tools and to exfiltrate information of intelligence value.

Bitter has made a deliberate effort to evade detection by altering its malware's victim-fingerprinting routine, replacing a distinctive separator character with an underscore. Because the change is cosmetic, it defeats signature-based tools keyed on the old string while leaving the exploitation chain untouched; any detection that keys on such incidental formatting rather than on structure or behaviour should be expected to break the same way. The actor consistently uses lures themed to the interests of its intended victims, which raises the success rate of its social engineering. Its focus on strategic military targets indicates an interest in classified or operational information rather than financial gain. Observed behaviour suggests a persistent and adaptive group that updates its tools and techniques between campaigns. No public information is available on the group's organisational structure, ownership, or affiliation with any larger entity.
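The separator swap described above is a good illustration of why a detection should not key on a delimiter. The example below is added here and is not code from the original page or from any vendor report on Bitter; the fingerprint layout (hostname, username, OS string), the original `|` separator, the parameter names and all sample check-ins are constructed assumptions, since the profile only states that a distinctive separator was replaced by an underscore. It contrasts a brittle rule that matches the old separator literally with a structure-aware rule that accepts any single delimiter as long as the same one appears twice.

```python
import re

# Constructed sample check-ins (NOT real Bitter traffic). The field layout,
# the "|" separator of the earlier variant and the query-string framing are
# assumptions made for illustration; the profile only records that the
# separator was changed to an underscore.
OLD_SEP = "|"   # assumed "distinctive" separator in the earlier variant
NEW_SEP = "_"   # separator in the modified variant, per the profile text

SAMPLES = [
    ("old_variant", f"id=WIN-7Q2B1{OLD_SEP}jsmith{OLD_SEP}Windows 10 Pro&v=1"),
    ("new_variant", f"id=WIN-7Q2B1{NEW_SEP}jsmith{NEW_SEP}Windows 10 Pro&v=1"),
    ("benign",      "id=session-4f2a9c&v=1"),
]

# Brittle signature: hard-codes the original separator. A cosmetic change to
# the implant silently defeats it, which is exactly the evasion described.
BRITTLE = re.compile(r"id=[^|&]+\|[^|&]+\|[^&]+")

# Structure-aware rule: match the three fields and accept any single
# non-alphanumeric, non-space delimiter, but require the same delimiter in
# both positions (backreference \2) so the rule survives separator swaps
# without matching arbitrary text.
ROBUST = re.compile(
    r"id=([A-Za-z0-9-]+)"        # group 1: hostname
    r"([^A-Za-z0-9& ])"          # group 2: whatever delimiter is in use
    r"([A-Za-z0-9.-]+)"          # group 3: username
    r"\2"                        # the same delimiter again
    r"([A-Za-z0-9 .]+)&"         # group 4: OS string, terminated by '&'
)


def classify(sample: str, rule: re.Pattern) -> bool:
    """True when the rule fires on the check-in body."""
    return rule.search(sample) is not None


def evaluate(rule: re.Pattern) -> dict:
    """Run one rule over every constructed sample; returns {label: hit}."""
    return {label: classify(body, rule) for label, body in SAMPLES}


def extract_fingerprint(sample: str):
    """Return (hostname, username, os) regardless of separator, or None
    when the expected structure is absent."""
    m = ROBUST.search(sample)
    if not m:
        return None
    return (m.group(1), m.group(3), m.group(4))


if __name__ == "__main__":
    for name, rule in (("brittle", BRITTLE), ("robust", ROBUST)):
        print(name, evaluate(rule))
    print(extract_fingerprint(SAMPLES[1][1]))
```

The brittle rule hits only the old variant; the robust rule hits both variants and still ignores the benign session string, and the extracted fields are identical for both variants, which is the property a hunting query or YARA-style rule should have against this kind of change.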

Incidents
1 linked incident (details available to members)