forked from LexusWang/Aurora-demos
151.txt
Malicious Activities Concealed in Billing Documents: APT-C-08 (BITTER) Latest Attack Campaign Briefing
APT-C-08, also known as "BITTER", is an APT group that targets South Asia. Recently, we captured BITTER attack activity against foreign military-industrial enterprises under the guise of "Details of bill", employing several novel attack techniques and samples. The group's habitual use of CHM scripts delivered inside compressed archives as the initial attack vector has evolved: rather than creating scheduled tasks from the CHM as before, the latest campaign achieves persistence by copying a PE file from the same directory and disguising it as a system file to enhance deception. In the captured .NET-based RAT samples, the code structure remains largely unchanged, but the command names and the command data processing have been modified. This pattern resembles SideWinder's tactics: both groups mainly alter the code execution components while concentrating on evading traffic-based or code-signature detection of the subsequent remote control programs. Faced with these evolving attack methods, constant vigilance remains essential.
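As an added illustration of how a defender might hunt for the persistence trick described above (a PE file copied into a user-writable directory under a system-file name after a CHM is opened), here is a small detection routine run over constructed Sysmon-style file-creation events. It is not from the report or the repository: the event shape, the expected-directory table, the sample paths and the assumption that hh.exe is the process that opens the CHM are all mine.

```python
import ntpath

# Constructed Sysmon-style FileCreate events (illustration only, not campaign data).
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\hh.exe",
     "target": r"C:\Users\alice\AppData\Roaming\svchost.exe"},
    {"image": r"C:\Windows\System32\msiexec.exe",
     "target": r"C:\Windows\System32\drivers\etc\hosts"},
    {"image": r"C:\Program Files\7-Zip\7zG.exe",
     "target": r"C:\Users\alice\Downloads\Details of bill\readme.chm"},
    {"image": r"C:\Windows\hh.exe",
     "target": r"C:\Users\alice\AppData\Local\Temp\notes.txt"},
    {"image": r"C:\Users\alice\Downloads\Details of bill\update.exe",
     "target": r"C:\Users\alice\AppData\Roaming\conhost.exe"},
]

# Where a few often-impersonated Windows binaries legitimately live (lower-cased).
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "conhost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}
CHM_HANDLER = "hh.exe"  # assumed: the HTML Help viewer that opens .chm files
PE_EXTENSIONS = (".exe", ".dll", ".scr")


def is_masquerading(path):
    """True if the file name mimics a system binary but sits outside its home."""
    name = ntpath.basename(path).lower()
    if name not in EXPECTED_DIRS:
        return False
    return ntpath.dirname(path).lower() not in EXPECTED_DIRS[name]


def classify(event):
    """Return the reasons an event looks suspicious (empty list if benign)."""
    reasons = []
    image = ntpath.basename(event["image"]).lower()
    target = event["target"]
    if is_masquerading(target):
        reasons.append("system binary name written outside its normal directory")
    if image == CHM_HANDLER and target.lower().endswith(PE_EXTENSIONS):
        reasons.append("PE file dropped by the CHM help viewer")
    return reasons


def detect(events):
    """Pair every flagged target path with its reasons, in input order."""
    return [(e["target"], r) for e in events if (r := classify(e))]
```

On the constructed events only the two writes of system-named executables into the user's roaming profile are flagged; the first of them is also flagged because the CHM viewer itself wrote the PE.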