Bitter APT targets Bangladesh

This campaign targets an elite unit of the Bangladesh’s government with a themed lure document alleging to relate to the regular operational tasks in the victim’s organization.
The lure document is a spear-phishing email sent to high-ranking officers of the Rapid Action Battalion Unit of the Bangladesh police (RAB).
The emails contain either a malicious RTF document or a Microsoft Excel spreadsheet weaponized to exploit known vulnerabilities.
Once the victim opens the maldoc, the Equation Editor application is automatically launched to run the embedded objects containing the shellcode to exploit known vulnerabilities described by CVE-2017-11882, CVE-2018-0798 and CVE-2018-0802 – all in Microsoft Office – then downloads the trojan from the hosting server and runs it on the victim’s machine.
The trojan masquerades as a Windows Security update service and allows the malicious actor to perform remote code execution, opening the door to other activities by installing other tools.
In this campaign, the trojan runs itself but the actor has other RATs and downloaders in their arsenal.

Such surveillance campaigns could allow the threat actors to access the organization’s confidential information and give their handlers an advantage over their competitors, regardless of whether they’re state-sponsored.

Sign Up For Threat Alerts

Loading...
Threats Icon

May 25, 2022

Twisted Panda: Chinese APT espionage operation against...

Check Point Research (CPR) details a targeted campaign that has been using sanctions-related baits to...

Threats Icon

May 23, 2022

A deeper look at XorDdos malware targeting...

In the last six months, we observed a 254% increase in activity from a Linux...

Threats Icon

May 22, 2022

Ransomware Spotlight RansomEXX

RansomEXX is another ransomware variant that runs on a ransomware-as-a-service (RaaS) model and has been...

Threats Icon

May 19, 2022

Malicious Compiled HTML Help File Delivering Agent...

PaloAlto Unit42 discovered a malicious HTML help file delivering Agent Tesla. The attack is interesting...

Threats Icon

May 16, 2022

BPFdoor: Stealthy Linux malware bypasses firewalls for...

A recently discovered backdoor malware called BPFdoor has been stealthily targeting Linux and Solaris systems...

Threats Icon

May 16, 2022

Onyx ransomware destroys files instead of encrypting...

A new Onyx ransomware operation is destroying files larger than 2MB instead of encrypting them,...

Threats Icon

May 15, 2022

Researchers Warn of Nerbian RAT Targeting Entities...

A previously undocumented remote access trojan (RAT) written in the Go programming language has been...

Threats Icon

May 11, 2022

Experts Sound Alarm on DCRat Backdoor Being...

Cybersecurity researchers have shed light on an actively maintained remote access trojan called DCRat (aka...

Threats Icon

May 11, 2022

The Lotus Panda is awake, again

In this attack analyzed by C25, the Chinese APT used a spear phishing email to...

Threats Icon

May 09, 2022

Moshen Dragon – Abusing Security Software to...

SentinelLabs recently uncovered a cluster of activity targeting the telecommunication sector in Central Asia, utilizing...

Threats Icon

May 09, 2022

AvosLocker Ransomware Abuses Driver File to Disable...

TrendMicro found samples of AvosLocker ransomware that makes use of a legitimate driver file to...

Threats Icon

May 02, 2022

LockBit Ransomware Side-loads Cobalt Strike Beacon

The VMware command line utility VMwareXferlogs.exe used for data transfer to and from VMX logs...

Threats Icon

May 02, 2022

Emotet Returns With New TTPs And Delivers...

The epoch4 Emotet server started spamming and delivering zipped .lnk files to its victims through...

Threats Icon

Apr 28, 2022

BRONZE PRESIDENT

Government-sponsored threat actors collect intelligence to benefit their country, and changes to the political landscape...

Threats Icon

Apr 27, 2022

New SysJoker Backdoor Targets Windows, Linux, and...

Malware targeting multiple operating systems has become no exception in the malware threat landscape. SysJoker...