Core Viewpoint
- The South Asian hacker group "Bitter" (蔓灵花) has launched targeted cyberattacks against a Chinese government department, using forged emails from the "Ministry of Natural Resources" to deliver a malicious attachment disguised as an Excel file; once opened, the attachment compromises the victim's computer and enables ongoing surveillance and data theft [1][5].

Attack Methodology
- The attackers impersonated the "Ministry of Natural Resources" with a convincing sender identity and email body, using themes such as "user data" to lure recipients into opening the attachment, which is presented as an Excel file [2].
- The so-called "Excel file" is in fact an HTML file carrying malicious scripts; the scripts run in the background as soon as the file is opened, starting the attack chain without any visible sign to the victim [3].
- The malicious script registers a scheduled task named "WindowsDefenderVerification", a name chosen to blend in with legitimate Windows Defender tasks; the task connects to an external server every 16 minutes to fetch commands and send back stolen data, giving the attackers long-term covert control [4].

Background of the Hacker Group
- "Bitter" is assessed to be a state-sponsored Advanced Persistent Threat (APT) group, suspected to originate from India, with a clear geopolitical motive: its targets are strategic objectives in China and Pakistan, including government agencies and critical infrastructure [5].

Defensive Guidelines
- Organizations should be vigilant about unfamiliar email attachments and avoid opening them [7].
- Install professional protective software and keep its virus definitions updated so that malicious files are intercepted [8].
- Monitor for abnormal network activity, such as a host beaconing to an external server on a fixed interval, to detect and block remote-control attempts [9].
- Patch operating systems and commonly used software regularly to reduce the vulnerabilities an attacker could exploit [10].
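The two detection checks below follow from the attack chain summarized above: the "Excel" attachment whose bytes are really HTML, and the scheduled task that beacons every 16 minutes under a Windows Defender-sounding name. This is an added example, not code from Rising or from the article; the attachment bytes and the Task Scheduler XML exports are constructed for illustration (in the shape of `schtasks /query /xml` output) and are not artifacts recovered from the campaign, and the 30-minute beacon threshold and the list of script hosts are assumptions of this example.

```python
"""Triage helpers: attachment type vs. claimed extension, and scheduled-task beacon checks.

Added example, not from the original article or from Rising. All sample data is constructed.
"""
import re
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

# ---- 1. Does the attachment's content match what its extension claims? ----
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .xls container header
ZIP_MAGIC = b"PK\x03\x04"                           # OOXML (.xlsx) is a zip archive
HTML_MARKERS = (b"<!doctype", b"<html", b"<script", b"<head", b"<body")
EXT_EXPECTS = {".xls": "ole2", ".xlsx": "zip", ".xlsm": "zip", ".html": "html", ".htm": "html"}


def sniff_content(data: bytes) -> str:
    """Identify the real container type from leading bytes, ignoring the file name."""
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    if data.startswith(ZIP_MAGIC):
        return "zip"
    head = data[:4096].lstrip(b"\xef\xbb\xbf \t\r\n").lower()   # skip BOM / whitespace
    return "html" if any(m in head for m in HTML_MARKERS) else "unknown"


def classify_attachment(filename: str, data: bytes) -> dict:
    """Flag a file whose name claims Excel while its bytes are an HTML document."""
    claimed = EXT_EXPECTS.get(PureWindowsPath(filename).suffix.lower(), "unknown")
    actual = sniff_content(data)
    return {"filename": filename, "claimed": claimed, "actual": actual,
            "mismatch": claimed in ("ole2", "zip") and actual == "html"}


# ---- 2. Triage an exported Task Scheduler XML definition ------------------
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe",
                "rundll32.exe", "regsvr32.exe", "certutil.exe", "curl.exe", "msiexec.exe"}
DEFENDER_DIRS = ("c:\\program files\\windows defender\\", "c:\\programdata\\microsoft\\windows defender\\")
BEACON_MAX_MINUTES = 30   # assumption for this example: short, open-ended repeats look like beaconing


def iso_duration_minutes(value: str) -> float:
    """Convert an ISO 8601 duration as used by Task Scheduler (e.g. PT16M, P1DT2H) to minutes."""
    m = re.fullmatch(r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?", value or "")
    if not m:
        raise ValueError(f"unsupported duration: {value!r}")
    d, h, mi, s = (int(x) if x else 0 for x in m.groups())
    return d * 1440 + h * 60 + mi + s / 60


def triage_task(task_name: str, task_xml: str) -> list:
    """Return human-readable findings for one task; an empty list means nothing stood out."""
    root = ET.fromstring(task_xml)
    findings = []
    for rep in root.iterfind(".//t:Triggers/*/t:Repetition", NS):
        interval = rep.findtext("t:Interval", default="", namespaces=NS)
        duration = rep.findtext("t:Duration", default="", namespaces=NS)
        if interval and not duration and iso_duration_minutes(interval) <= BEACON_MAX_MINUTES:
            findings.append(f"repeats every {interval} with no end: beacon-like schedule")
    for ex in root.iterfind(".//t:Actions/t:Exec", NS):
        cmd = ex.findtext("t:Command", default="", namespaces=NS).strip('"')
        args = ex.findtext("t:Arguments", default="", namespaces=NS)
        if PureWindowsPath(cmd).name.lower() in SCRIPT_HOSTS:
            findings.append(f"action runs script host: {cmd} {args}".rstrip())
        cmd_norm = cmd.lower().replace("%programfiles%", "c:\\program files")
        if "defender" in task_name.lower() and not cmd_norm.startswith(DEFENDER_DIRS):
            findings.append(f"name imitates Windows Defender but runs {cmd}")
    return findings


# ---- Constructed samples (illustrative, not recovered from the campaign) ----
HTML_ATTACHMENT = b"\xef\xbb\xbf\r\n<html><head><script>/* constructed */</script></head></html>"
OLE2_ATTACHMENT = OLE2_MAGIC + b"\x00" * 504
SUSPECT_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><TimeTrigger>
    <Repetition><Interval>PT16M</Interval><StopAtDurationEnd>false</StopAtDurationEnd></Repetition>
    <StartBoundary>2025-07-01T09:00:00</StartBoundary><Enabled>true</Enabled>
  </TimeTrigger></Triggers>
  <Actions Context="Author"><Exec>
    <Command>C:\Windows\System32\cmd.exe</Command><Arguments>/c "%PUBLIC%\wdv.bat"</Arguments>
  </Exec></Actions>
</Task>"""
BENIGN_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><CalendarTrigger>
    <StartBoundary>2025-07-01T02:00:00</StartBoundary><ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay>
  </CalendarTrigger></Triggers>
  <Actions Context="Author"><Exec>
    <Command>%ProgramFiles%\Windows Defender\MpCmdRun.exe</Command><Arguments>Scan -ScheduleJob</Arguments>
  </Exec></Actions>
</Task>"""

if __name__ == "__main__":
    print(classify_attachment("user_data.xls", HTML_ATTACHMENT))
    for name, xml in (("WindowsDefenderVerification", SUSPECT_TASK), ("Windows Defender Scheduled Scan", BENIGN_TASK)):
        print(name, "->", triage_task(name, xml) or "no findings")
```

On a live host the XML for `triage_task` comes from `schtasks /query /tn "<name>" /xml` or from the task files under `C:\Windows\System32\Tasks`; the three heuristics (open-ended short repetition, a script host as the action, a Defender-like name outside the Defender install directories) are independent, so a legitimate Defender task with a daily calendar trigger produces no findings while the constructed task above trips all three.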
Rising discloses: "Bitter" (蔓灵花) steals data from China every 16 minutes
Cai Fu Zai Xian·2025-07-15 07:33