Security News > 2023 > March > 'Bitter' espionage hackers target Chinese nuclear energy orgs
A cyberespionage hacking group tracked as 'Bitter APT' was recently seen targeting the Chinese nuclear energy industry using phishing emails to infect devices with malware downloaders.
Bitter is a suspected South Asian hacking group known to target high-profile organizations in the energy, engineering, and government sectors in the Asian-Pacific region.
In May 2022, Bitter APT was spotted using spear phishing emails with malicious XLSX document attachments to load a trojan named 'ZxxZ' on targets in Southeast Asia.
In the new campaign found by Intezer, Bitter sends emails pretending to be from the Embassy of Kyrgyzstan in Beijing to various Chinese nuclear energy companies and academics related to that field.
The email pretends to be an invitation to a conference about nuclear energy supposedly held by the Kyrgyz Embassy, the International Atomic Energy Agency, and the China Institute of International Studies.
In most cases, Bitter APT uses a CHM payload that executes commands to create scheduled tasks on the compromised system and download the next stage.
News URL
Related news
- Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign (source)
- US says Chinese hackers breached multiple telecom providers (source)
- Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services (source)
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)
- Sophos reveals 5-year battle with Chinese hackers attacking network devices (source)
- Sophos Versus the Chinese Hackers (source)
- FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- Chinese hackers target Linux with new WolfsBane malware (source)
- Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries (source)