Bitter APT Group Leverages Office Macros and WinRAR Flaw

The Bitter APT group, also known as APT-Q-37, has been discovered using malicious Office macros and a previously undocumented WinRAR vulnerability to deploy a C# backdoor. This dual-pronged attack targets high-value sectors such as government, electric power, and military. The group, believed to operate from a South Asian base, has been active for several years, conducting highly targeted espionage operations. Researchers warn of the group's evolving tactics and urge organizations to adopt multi-layered defense strategies, including disabling macros and applying patches.

Latest mentioned: 10-22

Earliest mentioned: 10-22

Sources

securityonline.info gbhackers.com cybersum.net

Also Read

PolarEdge ORB Network Unveiled: 25,000 IoT Devices Compromised

XLab has discovered RPX_Client, a new module in the PolarEdge ORB network, which hijacks IoT devices for global proxy operations. The malware, distributed via IP address 111.119.223.196, onboards infected devices into the PolarEdge proxy pool, providing relay services and executing remote commands. Over 25,000 devices have been compromised, primarily network video recorders and routers. The command-and-control infrastructure includes 140 active RPX_Server nodes, using a PolarSSL test certificate and listening on port 55555. The RPX_Client module functions as a relay agent, disguising its process name and maintaining configuration data encrypted via XOR. The malware maintains two persistent C2 channels for registration, proxy services, and remote command execution.

10-31Read more →