Security News > 2023 > April > Charming Kitten's New BellaCiao Malware Discovered in Multi-Country Attacks
The prolific Iranian nation-state group known as Charming Kitten targeted multiple victims in the U.S., Europe, the Middle East and India with a novel malware dubbed BellaCiao, adding to its ever-expanding list of custom tools.
Discovered by Bitdefender Labs, BellaCiao is a "Personalized dropper" that's capable of delivering other malware payloads onto a victim machine based on commands received from an actor-controlled server.
The development comes as the threat actor was attributed by Microsoft to retaliatory attacks aimed at critical infrastructure entities in the U.S. between late 2021 to mid-2022 using bespoke malware such as harmPower, Drokbk, and Soldier.
"The resolved IP address is like the real public IP address, but with slight modifications that allow BellaCiao to receive further instructions," Zugec explained.
"The best protection against modern attacks involves implementing a defense-in-depth architecture," Zugec concluded.
"The first step in this process is to reduce the attack surface, which involves limiting the number of entry points that attackers can use to gain access to your systems and prompt patching of newly discovered vulnerabilities."
News URL
https://thehackernews.com/2023/04/charming-kittens-new-bellaciao-malware.html
Related news
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- SideWinder APT Strikes Middle East and Africa With Stealthy Multi-Stage Attack (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)