{"id":215481,"date":"2025-06-06T05:11:20","date_gmt":"2025-06-06T10:11:20","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/06\/researchers-detail-bitter-apts-evolving-tactics-as-its-geographic-scope-expands"},"modified":"2025-06-06T05:11:20","modified_gmt":"2025-06-06T10:11:20","slug":"researchers-detail-bitter-apts-evolving-tactics-as-its-geographic-scope-expands","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/06\/researchers-detail-bitter-apts-evolving-tactics-as-its-geographic-scope-expands","title":{"rendered":"Researchers Detail Bitter APT\u2019s Evolving Tactics as Its Geographic Scope Expands"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/researchers-detail-bitter-apts-evolving-tactics-as-its-geographic-scope-expands.jpg\"><\/a><\/p>\n<p>Stating that Bitter frequently singles out an \u201cexceedingly small subset of targets,\u201d Proofpoint said the attacks are aimed at governments, diplomatic entities, and defense organizations so as to enable intelligence collection on foreign policy or current affairs.<\/p>\n<p>Attack chains mounted by the group typically leverage spear-phishing emails, with the messages sent from providers like 163[.]com, 126[.]com, and ProtonMail, as well as compromised accounts associated with the governments of Pakistan, Bangladesh, and Madagascar.<\/p>\n<p>The threat actor has also been observed masquerading as government and diplomatic entities from China, Madagascar, Mauritius, and South Korea in these campaigns to entice recipients into opening malware-laced attachments that trigger the deployment of malware.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Stating that Bitter frequently singles out an \u201cexceedingly small subset of targets,\u201d Proofpoint said the attacks are aimed at governments, diplomatic entities, and defense organizations so as to enable intelligence collection on foreign policy or current affairs. 
Attack chains mounted by the group typically leverage spear-phishing emails, with the messages sent from providers like 163[.]com, [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,1490,31],"tags":[],"class_list":["post-215481","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-government","category-policy"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/215481","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=215481"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/215481\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=215481"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=215481"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=215481"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}