Proofpoint identified a targeted campaign against operations personnel at energy firms linked to projects in Pakistan. The messages were sent on 18 March 2026, and mimicked invitations to the upcoming Pakistan Energy Exhibition & Conference (PEEC). We track the activity as UNK_VaporVibes. 1/8

From phishes to hands-on-keyboard commands 🔥 new @proofpoint.bsky.social research from @nickattfield.bsky.social and @konstantinklinger.bsky.social on Indian state-sponsored actor TA397 (Bitter) with a great story on the steps to technical and political attribution www.proofpoint.com/us/blog/thre...

Dropping some joint research today with Threatray on TA397/Bitter 🔍 We dive into the confluence of signals that led us to our attribution of the threat actor 🎯 Shoutout to @konstantinklinger.bsky.social and Threatray for collaborating on this research. www.proofpoint.com/us/blog/thre...

If you like to use python and are interested in YARA rule linting:

Dropping some new research on TA397/Bitter 🚨 Hidden in Plain Sight | TA397’s New Attack Chain Delivers Espionage RATs Report: www.proofpoint.com/us/blog/thre...

Proofpoint has published a report detailing new activity from #TA397 (AKA Bitter), a prominent South Asian advanced persistent threat (APT) group. The campaign, which took place in November 2024, targeted a defense sector organization in Turkey. Read the blog: ow.ly/z81o50UshPt.