Bitter APT Group Leverages Office Macros and WinRAR Vulnerability

Cyber Security News by CyberSum.net

Published on October 22, 2025 at 03:00 PM

2 sources

The Bitter APT group, also known as APT-Q-37, has been discovered using a combination of malicious Office macros and a previously undocumented WinRAR path traversal vulnerability to deploy a C# backdoor. This dual-pronged attack targets high-value sectors such as government, electric power, and military. The group, believed to operate from a South Asian base, has been active for several years, conducting highly targeted espionage operations. Researchers warn that this campaign illustrates Bitter's evolving tactics and the need for vigilance and proactive threat hunting.

Also Read

WordPress WooCommerce Sites Hit by Sophisticated Malware

The Wordfence Threat Intelligence Team has uncovered a highly sophisticated malware campaign targeting WordPress e-commerce sites using the WooCommerce plugin. The malware, disguised as a rogue plugin, employs advanced techniques such as custom encryption, fake images to hide payloads, and remote command access. It logs user credentials, establishes backdoors, and injects JavaScript skimmers into checkout pages to steal credit card data. The campaign is attributed to Magecart Group 12, known for persistent credit card skimming activities.

By Cyber Security News by CyberSum.netOctober 31, 2025 at 09:00 PM