Description
[BITTER](https://attack.mitre.org/groups/G1002) is a suspected South Asian cyber espionage threat group that has been active since at least 2013. [BITTER](https://attack.mitre.org/groups/G1002) has targeted government, energy, and engineering organizations in Pakistan, China, Bangladesh, and Saudi Arabia. (Citations: Cisco Talos Bitter Bangladesh May 2022; Forcepoint BITTER Pakistan Oct 2016)
Techniques Used (TTPs)
- T1105 — Ingress Tool Transfer (command-and-control)
- T1071.001 — Web Protocols (command-and-control)
- T1588.002 — Tool (resource-development)
- T1568 — Dynamic Resolution (command-and-control)
- T1566.001 — Spearphishing Attachment (initial-access)
- T1204.002 — Malicious File (execution)
- T1027.013 — Encrypted/Encoded File (defense-evasion)
- T1573 — Encrypted Channel (command-and-control)
- T1068 — Exploitation for Privilege Escalation (privilege-escalation)
- T1036.004 — Masquerade Task or Service (defense-evasion)
- T1608.001 — Upload Malware (resource-development)
- T1559.002 — Dynamic Data Exchange (execution)
- T1203 — Exploitation for Client Execution (execution)
- T1583.001 — Domains (resource-development)
- T1053.005 — Scheduled Task (execution, persistence, privilege-escalation)
- T1095 — Non-Application Layer Protocol (command-and-control)
Total TTPs: 16
Malware & Tools
Malware: ZxxZ