The Grudge: Bitter

← Home·Gallery·Techniques

Threat Intelligence Tarot

swords · 9

South Asia (India-linked, suspected)

G1002

★★★★★

risk 3/5

✦ The Grudge ✦

Bitter

T-APT-17 · APT-C-08 · Manlinghua

PakistanChinaBangladeshNuclear energy sectorGovernment officials

Active since ~2013 · Pakistan military intelligence, Chinese government targeting, Energy sector espionage

The Grudge moves along lines of historical conflict - a South Asian actor targeting rivals across the subcontinent's fault lines. It is not the most sophisticated group in these cards, but it is relentless, and its targets feel it every day.

Tactics & Techniques

RCN

RDV

INI

EXC

PRS

PRV

EVA

CRD

DSC

LAT

COL

EXF

IMP

T1566.001

Spearphishing Attachment

Initial Access

T1204.002

Malicious File

Execution

T1059.005

Visual Basic

Execution

T1547.001

Registry Run Keys

Persistence

T1083

File and Directory Discovery

Discovery

Notable Operations

◆Pakistan government and military targeting (ongoing)
◆Chinese nuclear energy organization spearphishing (2021)
◆ArtraDownloader and BitterRAT family deployments
◆Bangladesh government targeting

Defenses

▸
Email filtering and attachment sandboxing
CIS Control 9 ↗
▸
VBA macro execution controls in Office documents
CIS Control 2 ↗
▸
Government-sector threat intelligence sharing
NIST CSF: ID.RA ↗
▸
User awareness training for targeted government staff
NIST SP 800-50 ↗

Reversed: Their Weakness

Bitter's relatively standard tooling and predictable targeting patterns have made it one of the more thoroughly attributed South Asian APT groups - the consistency of focus on Pakistan–India geopolitical tensions makes intent clear even when attribution is contested.

Share this adversary profile

← → arrow keys to browse

swipe to browse

← PreviousThe Confessor Next →The Viper

Related Adversaries

Data sourced from MITRE ATT&CK. For educational purposes.