Bitter APT Becomes a Suspected Indian Group to Conduct Cyber Espionage against China & Pakistan


In the wake of growing cyber warfare activities, the cyber domain has become one of the most contested sectors in today’s society. Every country is preparing for large-scale, nation-backed attacks to win the defense and security game.

India has also bolstered its cyber game. In doing so, the country has laid down protocols for prevention and audit to secure its critical infrastructure. It has also built up its offensive cyber capability by promoting private actors and firms offering advanced services.

A recent report stated that India abused an American company’s tech to target governments and organisations in China and Pakistan. Researchers at Kaspersky, a Russian cybersecurity firm, revealed that cyber espionage targeting Microsoft Windows PCs in both countries began in June 2020 and continued through to April 2021.

Kaspersky named these digital spies Bitter APT. The firm stated that the attributes of the hacking software were similar to those of another company, previously code-named Moses. The latter has been an active provider of hacking technology, also known as a “zero-day exploit broker.” Moses has actively been helping hackers or spies break into target systems by finding loopholes in their operating systems or apps.

The Kaspersky research also suggested that Moses was an Austin, Texas, company otherwise known as Exodus Intelligence. The latter made a name for itself with a Time magazine cover story and the leak of a tool that law enforcement used to hack the anonymizing browser Tor to ensnare child predators. The research also stated that Bitter APT, the Moses customer, is India.

Exodus is marketed primarily as a tool for defenders, but it is up to customers how they use the Exodus zero-day information, which covers operating systems from Windows to Google’s Android and Apple’s iOS. Logan Brown, CEO and co-founder of Exodus, believes that India handpicked one of the Windows vulnerabilities from the feed, one that allowed it deep access to Microsoft’s operating system, and used it to launch offensive cyberattacks on targets.

This is not the first time India has been accused of launching attacks against China and Pakistan. With the help of threat groups and private actors like Phronesis, Aglaya etc., India has launched offensive cyber attacks against its neighbouring adversaries. A few months ago, the Indian government was accused of spying on journalists and human rights activists with the help of the NSO surveillance software called Pegasus.

Earlier this year, Pakistan-based hackers used new malware, a Remote Access Trojan (RAT), to target the power sector and one government organisation in India. Similarly, a Chinese state-sponsored hacking group called RedEcho also targeted India’s power sector organisations last year, after the border standoff incident.

India has a history of skirmishes with both China and Pakistan. The growing rivalry has expanded from border battles into cyberspace, making India another of the South Asian nations with advanced cyber capabilities. Today, Indian hacking activity has also expanded to targets in the Middle East, all of which has heightened alarm about growing cyberwarfare activity around the world.
