BITTER
Also known as: T-APT-17
Overview
BITTER is a suspected South Asian cyber espionage threat group that has been active since at least 2013. BITTER has targeted government, energy, and engineering organizations in Pakistan, China, Bangladesh, and Saudi Arabia.
Regions
Germany
Capabilities
- Exploitation of public-facing / client applications — ATT&CK T1203
TTPs — 16 techniques across 6 tactics
Resource Development
- T1583.001 Domains
- T1588.002 Tool
- T1608.001 Upload Malware
Initial Access
- T1566.001 Spearphishing Attachment
Execution
- T1053.005 Scheduled Task
- T1203 Exploitation for Client Execution
- T1204.002 Malicious File
- T1559.002 Dynamic Data Exchange
Privilege Escalation
Stealth
- T1027.013 Encrypted/Encoded File
- T1036.004 Masquerade Task or Service
Command and Control
- T1071.001 Web Protocols
- T1095 Non-Application Layer Protocol
- T1105 Ingress Tool Transfer
- T1568 Dynamic Resolution
- T1573 Encrypted Channel
Tools & malware (1)
ZxxZ
Reporting (2)
- Bitter APT adds Bangladesh to their targets — Raghuprasad, C
- BITTER: a targeted attack against Pakistan — Dela Paz, R