#TA397
The Bitter End: Unraveling Eight Years of Espionage Antics—Part One | Proofpoint US This is a two-part blog series, detailing research undertaken in collaboration with Threatray. Part two of this blog series can be found on their website here.  Analyst note: Throughout

Just published:

A two-part blog series in collaboration with @threatray.bsky.social, which aims to substantiate the claim that #TA397 (Bitter) is an espionage-focused, state-backed threat actor with interests aligned to the Indian state.

Part 1: brnw.ch/21wT9A5
Part 2: brnw.ch/21wT9Ad.

TA397: Malware Targeting the Turkish Defense Sector The TA397 phishing campaign poses a significant threat to the Turkish defense sector, using techniques such as phishing and advanced malware like WMrat and Miyarat.

Unveiling TA397: A sophisticated malware targeting the Turkish defense sector. 🚨💻 Stay informed on the latest cybersecurity threats! 🔍 Read more: innovirtuoso.com/cybersecurity/unveiling-... #Cybersecurity #Malware #TA397

GitHub - reversinglabs/reversinglabs-yara-rules: ReversingLabs YARA Rules ReversingLabs YARA Rules. Contribute to reversinglabs/reversinglabs-yara-rules development by creating an account on GitHub.

#wmRAT is another #backdoor attributed to the #APT group #TA397, & is used in attacks on organizations in the defense sector across the APAC & EMEA regions. Protect yourself by deploying our public #YARArules: bit.ly/3x34FdW

#Malware #Cybersecurity #SecOps

#MiyaRAT is a #backdoor attributed to the #APT group #TA397, which conducted multiple attacks on organizations in the defense sector across APAC & EMEA regions. Don't become a victim, deploy our public #YARArules: github.com/reversinglab...

#Cybersecurity #Malware

The #TA397 campaign targets 🇹🇷 defense, using phishing & advanced malware like WMrat & Miyarat. Stay alert to these evolving threats! 🛡️🕵️‍♂️ Cybersecurity #Phishing #Malware

Read more at: innovirtuoso.com/cybersecurit...


This activity demonstrates staple tactics of #TA397 payload delivery.

Our blog shares full campaign details, including TA397’s usage of NTFS alternate data streams (ADS) in combination with PDF and LNK files to gain persistence, which facilitates further malware deployment.

Hidden in Plain Sight: TA397’s New Attack Chain Delivers Espionage RATs | Proofpoint US Key findings  Proofpoint observed advanced persistent threat (APT) TA397 targeting a Turkish defense sector organization with a lure about public infrastructure projects in Madagascar.   The attack...

Proofpoint has published a report detailing new activity from #TA397 (AKA Bitter), a prominent South Asian advanced persistent threat (APT) group.

The campaign, which took place in November 2024, targeted a defense sector organization in Turkey.

Read the blog: ow.ly/z81o50UshPt.
