Security News > 2023 > March > 'Bitter' espionage hackers target Chinese nuclear energy orgs
A cyberespionage hacking group tracked as 'Bitter APT' was recently seen targeting the Chinese nuclear energy industry using phishing emails to infect devices with malware downloaders.
Bitter is a suspected South Asian hacking group known to target high-profile organizations in the energy, engineering, and government sectors in the Asian-Pacific region.
In May 2022, Bitter APT was spotted using spear phishing emails with malicious XLSX document attachments to load a trojan named 'ZxxZ' on targets in Southeast Asia.
In the new campaign found by Intezer, Bitter sends emails pretending to be from the Embassy of Kyrgyzstan in Beijing to various Chinese nuclear energy companies and academics related to that field.
The email pretends to be an invitation to a conference about nuclear energy supposedly held by the Kyrgyz Embassy, the International Atomic Energy Agency, and the China Institute of International Studies.
In most cases, Bitter APT uses a CHM payload that executes commands to create scheduled tasks on the compromised system and download the next stage.
News URL
Related news
- Chinese Hackers Infiltrate U.S. Internet Providers in Cyber Espionage Campaign (source)
- North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware (source)
- Chinese Engineer Charged in U.S. for Years-Long Cyber Espionage Targeting NASA and Military (source)
- Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware (source)
- Chinese Nation-State Hackers APT41 Hit Gambling Sector for Financial Gain (source)
- US says Chinese hackers breached multiple telecom providers (source)
- Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services (source)
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)
- Sophos reveals 5-year battle with Chinese hackers attacking network devices (source)
- Sophos Versus the Chinese Hackers (source)