Security News > 2023 > March > 'Bitter' espionage hackers target Chinese nuclear energy orgs

'Bitter' espionage hackers target Chinese nuclear energy orgs
2023-03-24 14:47

A cyberespionage hacking group tracked as 'Bitter APT' was recently seen targeting the Chinese nuclear energy industry using phishing emails to infect devices with malware downloaders.

Bitter is a suspected South Asian hacking group known to target high-profile organizations in the energy, engineering, and government sectors in the Asian-Pacific region.

In May 2022, Bitter APT was spotted using spear phishing emails with malicious XLSX document attachments to load a trojan named 'ZxxZ' on targets in Southeast Asia.

In the new campaign found by Intezer, Bitter sends emails pretending to be from the Embassy of Kyrgyzstan in Beijing to various Chinese nuclear energy companies and academics related to that field.

The email pretends to be an invitation to a conference about nuclear energy supposedly held by the Kyrgyz Embassy, the International Atomic Energy Agency, and the China Institute of International Studies.

In most cases, Bitter APT uses a CHM payload that executes commands to create scheduled tasks on the compromised system and download the next stage.


News URL

https://www.bleepingcomputer.com/news/security/bitter-espionage-hackers-target-chinese-nuclear-energy-orgs/