Cyber espionage activity

Rising (瑞星) discloses: "Bitter" (蔓灵花) steals Chinese data every 16 minutes
Cai Fu Zai Xian· 2025-07-15 07:33
Core Viewpoint
- The South Asian hacker group "Bitter" has launched targeted cyberattacks against a Chinese government department, using forged emails purporting to come from the Ministry of Natural Resources to deliver a malicious attachment posing as an Excel file; once opened it compromises the victim's computer and enables ongoing surveillance and data theft [1][5].

Attack Methodology
- The attackers impersonated the Ministry of Natural Resources with a convincing sender identity and email body, using subjects such as "user data" to lure recipients into opening the attachment disguised as an Excel file [2].
- The so-called "Excel file" is actually an HTML file carrying a malicious script that runs in the background as soon as the file is opened, starting the infection without the victim noticing [3].
- The script registers a scheduled task named "WindowsDefenderVerification" on the victim's computer; every 16 minutes the task connects to an external server to fetch commands and upload stolen data, giving the attackers long-term covert control [4].

Background of the Hacker Group
- "Bitter" is assessed to be a state-sponsored Advanced Persistent Threat (APT) group, suspected to originate from India, with a clear geopolitical motive: its targets are strategic objectives in China and Pakistan, including government agencies and critical infrastructure [5].

Defensive Guidelines
- Be wary of email attachments from unfamiliar senders and do not open them [7].
- Install professional protective software and keep its virus definitions updated so that malicious files are intercepted [8].
- Monitor for abnormal network activity, such as periodic outbound connections to unknown servers, to detect and block remote-control attempts [9].
- Patch operating systems and commonly used software regularly to reduce the vulnerabilities available for exploitation [10].
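The persistence described above (a scheduled task with a Defender-themed name that beacons every 16 minutes) is something a responder can hunt for by parsing Task Scheduler exports. The following is an added example, not code from Rising's report or from the Bitter tooling: it parses the XML that `schtasks /query /xml /tn <name>` produces and flags a task when a short repetition interval is combined with a script host or a URL in its action, or when its name mimics Windows Defender outside Defender's real task folder. The task name and the 16-minute interval in the sample come from the report; the `wscript.exe` command, the `%APPDATA%\update.vbs` path, the benign "Contoso" task and the list of script hosts are assumptions made for the example.

```python
"""Hunt Windows Task Scheduler exports for short-interval beaconing tasks.

Added example: parses the XML that `schtasks /query /xml /tn <name>` emits
(Task Scheduler schema, namespace below) and flags a task when a short
repetition interval is combined with a script host or a URL in its action,
or when its name mimics Windows Defender outside Defender's real task folder.
"""
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Script hosts and shells commonly abused by script-based persistence.
# This list is an assumption for the example, not taken from the report.
SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe", "powershell.exe",
                "pwsh.exe", "cmd.exe", "rundll32.exe", "regsvr32.exe"}
# Folder in which Microsoft's own Defender tasks live (compared lower-cased).
DEFENDER_FOLDER = "\\microsoft\\windows\\windows defender\\"


def iso_duration_minutes(value):
    """Convert an ISO 8601 duration (e.g. PT16M, PT1H30M, P1D) to minutes."""
    m = re.fullmatch(r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?", value)
    if not m:
        raise ValueError(f"unsupported duration: {value}")
    days, hours, mins, secs = (int(g) if g else 0 for g in m.groups())
    return days * 1440 + hours * 60 + mins + secs / 60


def _basename(command):
    """Lower-cased file name of the action's command, quotes stripped."""
    return command.strip().strip('"').replace("/", "\\").split("\\")[-1].lower()


def analyze_task(xml_text, max_interval_minutes=30):
    """Return indicators for one exported task; 'suspicious' is the verdict."""
    root = ET.fromstring(xml_text)
    name = root.findtext("t:RegistrationInfo/t:URI", default="", namespaces=NS).strip()
    intervals = [iso_duration_minutes(i.text.strip())
                 for i in root.findall(".//t:Repetition/t:Interval", NS)]
    actions = [(ex.findtext("t:Command", default="", namespaces=NS).strip(),
                ex.findtext("t:Arguments", default="", namespaces=NS).strip())
               for ex in root.findall("t:Actions/t:Exec", NS)]

    shortest = min(intervals) if intervals else None
    short = shortest is not None and shortest <= max_interval_minutes
    script_host = any(_basename(cmd) in SCRIPT_HOSTS for cmd, _ in actions)
    has_url = any(re.search(r"https?://", args, re.I) for _, args in actions)
    spoof = "defender" in name.lower() and not name.lower().startswith(DEFENDER_FOLDER)

    reasons = []
    if short:
        reasons.append(f"repeats every {shortest:g} min")
    if script_host:
        reasons.append("action runs a script host or shell")
    if has_url:
        reasons.append("action arguments contain a URL")
    if spoof:
        reasons.append("Defender-themed name outside Defender's task folder")
    return {
        "task": name,
        "shortest_interval_min": shortest,
        "actions": actions,
        # A short interval alone is common for legitimate tasks; require it to
        # co-occur with a script host or URL, or a spoofed name on its own.
        "suspicious": (short and (script_host or has_url)) or spoof,
        "reasons": reasons,
    }


# Constructed sample modelled on the reported behaviour: the task name and the
# 16-minute interval are from the report; wscript.exe and the .vbs path are assumed.
SUSPECT_TASK_XML = r"""
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\WindowsDefenderVerification</URI></RegistrationInfo>
  <Triggers>
    <TimeTrigger>
      <Repetition><Interval>PT16M</Interval></Repetition>
      <StartBoundary>2025-07-01T00:00:00</StartBoundary>
      <Enabled>true</Enabled>
    </TimeTrigger>
  </Triggers>
  <Actions Context="Author">
    <Exec>
      <Command>C:\Windows\System32\wscript.exe</Command>
      <Arguments>//B //Nologo "%APPDATA%\update.vbs"</Arguments>
    </Exec>
  </Actions>
</Task>
""".strip()

# Constructed benign task: hourly, runs a vendor binary, ordinary name.
BENIGN_TASK_XML = r"""
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\Contoso\InventorySync</URI></RegistrationInfo>
  <Triggers>
    <CalendarTrigger>
      <Repetition><Interval>PT1H</Interval></Repetition>
      <StartBoundary>2025-01-01T08:00:00</StartBoundary>
      <ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay>
    </CalendarTrigger>
  </Triggers>
  <Actions Context="Author">
    <Exec>
      <Command>C:\Program Files\Contoso\sync.exe</Command>
      <Arguments>--quiet</Arguments>
    </Exec>
  </Actions>
</Task>
""".strip()

if __name__ == "__main__":
    for xml in (SUSPECT_TASK_XML, BENIGN_TASK_XML):
        r = analyze_task(xml)
        verdict = "SUSPICIOUS" if r["suspicious"] else "ok"
        print(f"{r['task']}: {verdict} {'; '.join(r['reasons'])}")
```

On a live host, export each task with `schtasks /query /xml /tn "<name>"` (or `Export-ScheduledTask` in PowerShell) and pass the decoded text to `analyze_task`; the exports carry a UTF-16 XML declaration, so decode them before handing over a string. The interval threshold is deliberately paired with a second indicator, because plenty of legitimate tasks also repeat every few minutes.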
Iranian hackers resurface, threatening to expose emails from Trump's inner circle!
Jin Shi Shu Ju· 2025-07-01 08:38
Group 1
- The hacker persona known as "Robert", linked to Iran, has threatened to release more of the emails stolen from Trump's circle ahead of the 2024 U.S. election, claiming to hold around 100GB of data [1]
- The U.S. Department of Justice has charged that the "Robert" operation was run by Iran's Islamic Revolutionary Guard Corps; the hacker did not respond to this accusation when speaking with Reuters [2]
- Following the recent military exchanges between the U.S. and Iran, the hacker has resumed contact with the media, saying it intends to sell the stolen emails and urging Reuters to publicize the matter [2]

Group 2
- The leaked emails include exchanges between Trump's campaign team and Republican candidates, as well as details of a settlement with adult film star Stormy Daniels, but they did not fundamentally alter the outcome of the previous election [2]
- Experts suggest Iran's cyber operators may be seeking to retaliate without provoking further military action by the U.S. and Israel, indicating a calibrated approach to their cyber activities [2]
- U.S. cybersecurity officials have warned that American businesses and critical-infrastructure operators remain potential targets of Iranian cyberattacks, despite a lull in Iranian hacker activity during the recent conflict [2]