Threat Research

    The Bitter End: Unraveling Eight Years of Espionage Antics—Part One

    TA397 (also known as Bitter) is an espionage-focused threat group with a consistent track record of targeting entities in South Asia. Although commonly linked to India, the basis for this attribution has not been thoroughly documented....
    6/9/2025  0
    Read More »

    Hidden in Plain Sight: TA397’s New Attack Chain Delivers Espionage RATs

    On November 18, 2024, TA397 (also known as Bitter) targeted a defense sector organization in Turkey with a spearphishing email. The email included a RAR archive containing a decoy PDF (~tmp.pdf), a malicious LNK file disguised as a PDF (PUBLIC INVESTMENTS PROJECTS 2025.pdf.lnk), and an Alternate Data Stream (ADS) file with embedded PowerShell code....
    12/18/2024  0
    Read More »
    Looking for Something?
    Threat Research Categories:
    Tags

    Privacy & Security StatementTerms & Conditions
    Copyright © 2026 by Gurucul - All rights reserved.