"Charming Kitten's New BellaCiao Malware Discovered in Multi-Country Attacks"

Charming Kitten is an Iranian nation-state group that has targeted multiple victims in the US, Europe, the Middle East, and India with a novel malware called BellaCiao. BellaCiao, discovered by Bitdefender Labs, is a "personalized dropper" capable of delivering other malware payloads onto a victim machine in response to commands from an actor-controlled server. The cybersecurity company stated that each sample collected was linked to a specific victim and contained hard-coded information such as specially crafted subdomains, a company name, and an associated public IP address. Charming Kitten, also known as APT35, Cobalt Illusion, Educated Manticore, ITG18, Mint Sandstorm, TA453, and Yellow Garuda, is an Advanced Persistent Threat (APT) group associated with the Islamic Revolutionary Guard Corps (IRGC). Over the years, the group has deployed backdoors in systems belonging to various industry verticals using multiple techniques. Microsoft linked the threat actor to retaliatory attacks against critical infrastructure entities in the US between late 2021 and mid-2022, which involved custom malware such as CharmPower, Drokbk, and Soldier. This article continues to discuss Charming Kitten's use of the BellaCiao malware and the history of the APT group.

THN reports "Charming Kitten's New BellaCiao Malware Discovered in Multi-Country Attacks"
