Menu
Browse

Bitter

Aliases: 2 aliases
Primary URL Location Industry
Undetermined
Country Pakistan
Defense Icon
Defense
Profile

Bitter, also tracked as APT Bitter, is an advanced persistent threat group. The group is headquartered in Pakistan. Its primary activity is conducting cyber‑espionage operations. It focuses on military and government entities as strategic targets. Initial access is typically gained through spear‑phishing campaigns that deliver weaponized documents.

On 15 May 2022 Bitter launched a campaign against military organisations in Bangladesh. The attack used spear‑phishing emails containing weaponized Excel files. The Excel documents exploited a known Microsoft Office vulnerability to execute code. A second‑stage implant written in Visual C++ was deployed after the initial exploit. The implant functioned as a Remote Access Trojan enabling attackers to gather intelligence. The operation was aimed at collecting sensitive information from the targeted military networks.

To avoid detection, Bitter modified the malware’s fingerprinting function by replacing a distinctive separator character with an underscore. This alteration preserved the malware’s functionality while changing its observable signature. The group consistently employs themed lures that match the interests of its intended victims. These tactics demonstrate a focus on stealth and adaptability in its toolset. Bitter’s capabilities include developing custom malware tailored to specific intrusion stages.

Public sources do not disclose any information about the group's ownership, parent organization, or subsidiary relationships. Consequently, its organizational structure remains opaque beyond its known base in Pakistan. The group’s scope is limited to espionage‑oriented activities, with no indication of commercial products or services. All known attributes of Bitter are derived from observed incidents and technical analysis of its malware.

Incidents
Linked incidents available to members
1 incident