
Turkish military Under Attack By Asian Hacker Group Bitter

A cyber espionage group called “Bitter” has targeted military organizations in Turkey. The hacker group, which has been active since 2013, relies on a new malware called MiyaRAT, as the security provider Proofpoint reported.

Unfamiliar environment

This new type of malware is only used against particularly high-ranking targets and is supplemented by the already known WmRAT malware. Bitter is a suspected South Asian hacker group that specializes in government organizations and critical infrastructure.

In the past, it has carried out attacks primarily in Asia, including against the government of Bangladesh in 2022. It also became active in China by masquerading as a Kyrgyz embassy to spy on nuclear companies. The current attacks in Turkey began with a phishing email that discussed a seemingly harmless foreign investment project.

The email attachment contained a RAR archive holding a crafted Windows shortcut file that, when opened, runs PowerShell code. At the same time, a decoy PDF opens to disguise the malware installation.

Once the LNK file has been opened, the malware sets up a scheduled task that contacts a command domain every 17 minutes. In the cases examined, the malware initially downloaded WmRAT, but switched to MiyaRAT if the initial contact failed.

Differentiated use

Both are Remote Access Trojans (RATs) that can access data, take screenshots, manipulate files and spy on networks. However, MiyaRAT has more advanced features such as improved encryption, interactive reconnection, and advanced control over files and directories. The selective use of MiyaRAT suggests that Bitter deploys it only against high-value targets, to make it more difficult for security experts to analyze.

The attacks highlight the ongoing threat of targeted cyber operations. The use of Alternate Data Streams (ADS), which hides malicious code inside seemingly harmless files, is particularly significant. Proofpoint has published indicators of the attacks, including YARA rules, to help detect this threat early.
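As an added defensive example (not from the article or from Proofpoint), the following Python script inspects scheduled-task definitions of the kind Windows records in Security event 4698 and flags the two traits described above: a script host relaunched on a short repeat cycle (the 17-minute beacon) and an argument that points into an NTFS alternate data stream. The task XML samples are constructed, and the task names, paths and stream name are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample task definitions, in the XML form that Windows Security
# event 4698 ("A scheduled task was created") records in its TaskContent field.
TASK_NS = "http://schemas.microsoft.com/windows/2004/02/mit/task"
SAMPLE_TASKS = {
    "\\Updates\\SystemCheck": f"""<Task xmlns="{TASK_NS}"><Triggers><TimeTrigger>
      <Repetition><Interval>PT17M</Interval></Repetition></TimeTrigger></Triggers>
      <Actions><Exec><Command>powershell.exe</Command><Arguments>-w hidden -ep bypass
      -f C:\\Users\\Public\\brochure.pdf:stage.ps1</Arguments></Exec></Actions></Task>""",
    "\\Microsoft\\Windows\\Defrag\\ScheduledDefrag": f"""<Task xmlns="{TASK_NS}"><Triggers>
      <CalendarTrigger><ScheduleByWeek/></CalendarTrigger></Triggers><Actions><Exec>
      <Command>%windir%\\system32\\defrag.exe</Command><Arguments>-c -h -o</Arguments>
      </Exec></Actions></Task>""",
}

# Script hosts that a legitimate repeating task rarely launches directly.
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe",
                "wscript.exe", "cscript.exe", "rundll32.exe", "regsvr32.exe"}
# A drive-letter path followed by ":<stream>" names an NTFS alternate data stream.
ADS_RE = re.compile(r"[A-Za-z]:\\[^\s:]+:[^\s\\:]+")

def interval_minutes(iso_duration):
    """Convert a Task Scheduler ISO 8601 duration such as PT17M to minutes."""
    m = re.fullmatch(r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?", iso_duration or "")
    if not m:
        return None
    d, h, mi, s = (int(x) if x else 0 for x in m.groups())
    return d * 1440 + h * 60 + mi + s / 60

def analyse_task(name, task_xml):
    """Extract repeat interval, launched script host (if any) and ADS use from one task."""
    root = ET.fromstring(task_xml)
    minutes = interval_minutes(root.findtext(".//{*}Repetition/{*}Interval"))
    interpreter, ads = None, False
    for ex in root.iterfind(".//{*}Exec"):
        exe = (ex.findtext("{*}Command") or "").strip().lower().rsplit("\\", 1)[-1]
        if exe in INTERPRETERS:
            interpreter = exe
        if ADS_RE.search(ex.findtext("{*}Arguments") or ""):
            ads = True
    return {"name": name, "interval_min": minutes, "interpreter": interpreter, "ads": ads}

def suspicious_tasks(tasks, max_interval_min=60):
    """Flag tasks that relaunch a script host on a short cycle or load code from an ADS."""
    facts = [analyse_task(n, x) for n, x in tasks.items()]
    return [f for f in facts if f["ads"] or (f["interpreter"] and
            f["interval_min"] is not None and f["interval_min"] <= max_interval_min)]
```

Running `suspicious_tasks(SAMPLE_TASKS)` flags only the constructed `\Updates\SystemCheck` task, reporting its 17-minute interval, the PowerShell host and the ADS reference; the defrag task passes.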
