August 8, 2019

Anomali Threat Research Team Discovers BITTER APT Phishing Campaign Targeting People’s Republic of China Government Agencies

Threat Actors May Be Stealing Credentials from Agency Officials, Conducting Espionage

REDWOOD CITY, Calif. — Thursday, August 8 — BLACK HAT — Anomali, a leader in intelligence-driven cybersecurity solutions, today published its latest research report: Suspected BITTER APT Continues Targeting Government of China and Chinese Organizations.

The Anomali Threat Research Team discovered this new phishing attack leveraging spoof sites that appear to be designed to steal email credentials from target victims within the government of the People’s Republic of China. Although the attackers’ exact motivation is unknown, it is logical to conclude that this is an espionage campaign.

By stealing email credentials, and accessing internal email content, it would be possible for infiltrators to gain insight into decisions being made within the target organizations. Once in, threat actors could also gain access to sensitive information.

Attack victims are members of staff for the organisations being targeted. Most of the organisations being phished relate to economic trade, defense, aviation, and foreign relations. This suggests that the attackers are likely to be an actor or group operating under a mandate to understand China’s international goals.

China-based CERT 360 has previously reported on related indicators being attributed to BITTER APT. This group is known to operate out of a South Asian country, and is a suspected Indian APT in open source reporting. BITTER APT campaigns primarily target China, Pakistan and Saudi Arabia historically.

Phishing Defense
Although the attack identified is targeting officials within the government of the People's Republic of China, it is important for all organizations to understand that threat actors use the same methods and techniques to target the public and private sectors. Organizations at risk of being targeted in the manner observed should take several basic precautionary steps. This includes having security controls in place that integrate threat intelligence about active attacks, defense-in-depth protections including firewalls, and regular security training for employees that includes anti-phishing education.

To learn more about Anomali and how hundreds of enterprises use it to reduce risk, visit us on the exhibitor floor at Black Hat USA 2019, #1114.


About Anomali
Anomali® detects adversaries and tells you who they are. Organizations rely on Anomali to detect threats, understand adversaries, and respond effectively. Anomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments. The platform enables organizations to collaborate and share threat information among trusted communities and is the most widely adopted platform for ISACs and leading enterprises worldwide. For more information, visit us at