Bitter APT Hits China, Pakistan With WinRAR Zero-Day
China-based cybersecurity firm Qianxin Threat Intelligence Center has identified a new cyber campaign targeting Chinese and Pakistani entities. The attackers, linked to the Bitter APT group (tracked by Qianxin as APT-Q-37), used a zero-day vulnerability in WinRAR together with malicious Microsoft Office macros to deploy a custom C# backdoor. These tools gave the threat actor persistent access and the ability to exfiltrate sensitive data.
Qianxin attributed the activity to Bitter APT based on malware signatures and infrastructure patterns. The campaign exploited multiple vulnerabilities, including CVE-2025-9574, CVE-2025-11371, CVE-2025-61882, CVE-2025-8088, CVE-2025-54253 and CVE-2025-27915. These flaws enabled privilege escalation, remote code execution and evasion of security mechanisms.
The backdoor delivered through the malicious documents provided attackers with command-and-control functionality. Analysts believe the campaign reflects Bitter APT’s continued focus on South Asian geopolitical targets.
For more details, read the full report here:
Bitter APT Attacks China/Pakistan with WinRAR Zero-Day and New C# Backdoor via Office Macro
