In November 2024, the South Asian cyber espionage group Bitter (TA397) targeted a Turkish defense sector organization, delivering WmRAT and MiyaRAT malware via a RAR archive with hidden alternate data streams and a malicious shortcut. The attack involved sophisticated techniques, including scheduled tasks for remote access, with the goal of stealing sensitive information and intellectual property.