New Evidence Establishes Connection Between Persistent Hacking Group and Indian Government
Researchers have identified new connections between the persistent threat actor known as Bitter and the Indian government. In a comprehensive two-part investigation published recently, security researchers from Proofpoint, a U.S.-based cybersecurity firm, and Threatray, based in Switzerland, analyzed a sequence of cyber operations attributed to Bitter that took place between October 2024 and April 2025.
These campaigns demonstrate a notable evolution in tactics and techniques employed by Bitter, indicating a continued focus on targeting specific sectors. The findings suggest that the actor has been leveraging advanced strategies to facilitate cyber espionage and data exfiltration.
Screenshots and diagrams supporting the analysis show the methods Bitter used, which include sophisticated phishing attempts and malware tailored for surveillance purposes.
The report highlights the importance of maintaining vigilant security measures and the necessity for organizations to remain informed about emerging threats linked to state-sponsored cyber activities. Given the historical context of Bitter’s operations, it is imperative for entities in potential target industries to assess their security postures proactively.
In conclusion, understanding the dynamics of threat actors such as Bitter is crucial for developing effective defense mechanisms and mitigating risks associated with targeted cyber threats.