Bangladesh swallowing a Bitter pill as trojan virus attacks Government Entities

Cisco Talos research looks at the impact of Bitter APT’s latest hack

Bitter APT has added Bangladesh to its targets in a long-running, malicious campaign which, since August 2021, has seen high-ranking officers of the Rapid Action Battalion Unit of the Bangladesh Police (RAB) repeatedly targeted by spear-phishing emails.

The emails contain either a malicious Rich Text Format (RTF) document or a weaponised Excel spreadsheet that exploits vulnerabilities on the victim’s machine. Once the attachment is opened, it downloads a Trojan from the hosting server. A Trojan is a type of malware that disguises itself as a legitimate programme but carries hidden malicious code that gains access to the user’s account and then wreaks havoc.

Once the malware has been unwittingly downloaded, it can install additional tools to harvest valuable user data. Bitter, also known as T-APT-17, is a suspected South Asian threat actor. Active since 2013, Bitter has targeted the energy, engineering and government sectors in China, Pakistan and Saudi Arabia; in this latest campaign it has widened its reach to Bangladesh.

Bitter is motivated by espionage. It spies on organisations by finding and exploiting weaknesses in its victims’ environments, across both mobile and desktop platforms, and it has a well-stocked arsenal of tooling including Bitter RAT, Artra downloader, SlideRAT and AndroRAT.

The Cisco Talos research clearly shows that organisations cannot afford to let their guard down for a second when it comes to cybersecurity and the highly motivated threat actors operating in their regions. Threat actors are smart, they have an agenda, and they will stop at nothing to achieve their aims: constantly looking for new ways to break into a target’s systems and adding new variants to their arsenal all the time.

A multi-layer defence strategy is essential to prevent breaches, using the latest detection rules and behavioural protections in endpoint defence solutions. But it’s not just the technology that needs to be cutting edge. A mature incident response plan, a streamlined security posture, and a highly skilled and experienced team to implement and maintain your strategy are all critical to protecting businesses and individuals effectively against the constant, ever-evolving threats in today’s security landscape.
