Security News > 2023 > March > 'Bitter' espionage hackers target Chinese nuclear energy orgs
A cyberespionage hacking group tracked as 'Bitter APT' was recently seen targeting the Chinese nuclear energy industry using phishing emails to infect devices with malware downloaders.
Bitter is a suspected South Asian hacking group known to target high-profile organizations in the energy, engineering, and government sectors in the Asian-Pacific region.
In May 2022, Bitter APT was spotted using spear phishing emails with malicious XLSX document attachments to load a trojan named 'ZxxZ' on targets in Southeast Asia.
In the new campaign found by Intezer, Bitter sends emails pretending to be from the Embassy of Kyrgyzstan in Beijing to various Chinese nuclear energy companies and academics related to that field.
The email pretends to be an invitation to a conference about nuclear energy supposedly held by the Kyrgyz Embassy, the International Atomic Energy Agency, and the China Institute of International Studies.
In most cases, Bitter APT uses a CHM payload that executes commands to create scheduled tasks on the compromised system and download the next stage.
News URL
Related news
- Chinese hackers breached T-Mobile's routers to scope out network (source)
- Researchers Uncover 4-Month Cyberattack on U.S. Firm Linked to Chinese Hackers (source)
- U.S. org suffered four month intrusion by Chinese hackers (source)
- Hackers Weaponize Visual Studio Code Remote Tunnels for Cyber Espionage (source)
- Chinese hackers use Visual Studio Code tunnels for remote access (source)
- U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls (source)
- White House links ninth telecom breach to Chinese hackers (source)
- Chinese hackers targeted sanctions office in Treasury attack (source)
- US sanctions Chinese company linked to Flax Typhoon hackers (source)
- Chinese hackers also breached Charter and Windstream networks (source)