Intel Name: The bitter end: unraveling eight years of espionage antics—part one
Date of Scan: June 9, 2025
Impact: High
Summary: TA397 (also known as Bitter) is an espionage-focused threat group with a consistent track record of targeting entities in South Asia. Although commonly linked to India, the basis for this attribution has not been thoroughly documented. In this blog, we present new evidence supporting TA397’s alignment with Indian interests and reveal previously unreported instances of the group’s activity beyond Asia. Part one of this series delves into TA397’s targeting strategies, campaign techniques, payload delivery mechanisms, and a detailed examination of its infrastructure.
