BITTER APT, also tracked as APT-C-08, is a threat group suspected of having a South Asian background. The group has long conducted attacks against China, Pakistan and other countries, mainly targeting government, military industry, electric power, nuclear energy and other entities in order to steal sensitive information.

Recently, targeted attacks by this APT group against domestic government organizations and enterprises have been detected. The captured samples are SFX files disguised as decoy documents related to the shipbuilding industry. When run, the sample displays a decoy PDF to the victim while malware executes in the background to steal information. In this round of attacks, the group's methods have not changed much: it still communicates with a C2 server that was previously attributed to it, and the plug-in modules distributed by that C2 server are basically the same as in previous attacks.