
Iran's Charming Kitten Deploys BellaCPP: A New C++ Variant of BellaCiao Malware

Threat actor
• Charming Kitten (also tracked as APT35, CALANQUE, Mint Sandstorm, TA453 and Yellow Garuda), assessed to be affiliated with Iran's Islamic Revolutionary Guard Corps (IRGC).

Campaign overview
• Deployment of BellaCPP, a new C++ variant of the BellaCiao malware, in the group's intrusions.
• The BellaCPP sample was recovered from a compromised machine in Asia; BellaCiao has previously been used against targets in the United States, the Middle East and India.

Target regions (victims)
• United States, Middle East, India and Asia.

Methodology
• Social engineering campaigns for initial access.
• Exploitation of known, publicly disclosed vulnerabilities in internet-facing Microsoft Exchange Server and Zoho ManageEngine instances.

Products targeted
• Publicly accessible applications, including Microsoft Exchange Server and Zoho ManageEngine.

Malware
• BellaCiao (original variant, used as a dropper).
• BellaCPP (C++ variant with SSH tunneling capability).

Vulnerabilities exploited
• Known security flaws in Microsoft Exchange Server and Zoho ManageEngine; no new vulnerabilities are reported.

TTPs
• Social engineering for initial access.
• Exploitation of vulnerabilities in public-facing applications.
• Tunneling via SSH.

Attribution
• Charming Kitten, an APT group linked to Iran's IRGC.

Recommendations
• Patch known vulnerabilities in Microsoft Exchange Server and Zoho ManageEngine, prioritising internet-exposed instances.
• Strengthen defenses against social engineering (user awareness, phishing-resistant MFA, mail filtering).
• Monitor for unexpected DLL loads (unsigned DLLs, DLLs loaded from non-standard paths) and for outbound SSH connections from processes that are not known SSH clients.
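As an added illustration of the two monitoring recommendations above (this is example code written for this page, not code from the source article, from Kaspersky or from the threat actor), the Python below runs two simple rules over constructed Sysmon-style JSON events: Event ID 7 (image load) records are flagged when an unsigned DLL is loaded from outside a set of trusted roots, and Event ID 3 (network connection) records are flagged when something other than a known SSH client connects to port 22. The events, paths, process names and IP addresses are made up for the example; the trusted roots and the SSH client allowlist are assumptions you would tune to your own estate.

```python
"""Toy detection rules for unexpected DLL loads and unexpected SSH connections.

Runs over constructed Sysmon-style JSON lines (field names follow Sysmon's
schema, but the records are invented for this example, not real telemetry).
"""
import json
import ntpath

# Directories from which a DLL load is considered expected (case-insensitive prefix match).
# Assumption: the host is a standard Windows install; adjust for your own software roots.
TRUSTED_DLL_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Processes expected to open outbound SSH sessions; anything else talking to port 22 is flagged.
KNOWN_SSH_CLIENTS = {"ssh.exe", "putty.exe", "plink.exe", "winscp.exe"}
SSH_PORT = 22

# Constructed sample events (one JSON object per line). In the raw string, "\\" reaches
# the JSON parser as an escaped backslash and decodes to a single backslash.
SAMPLE_EVENTS = r"""
{"EventID": 7, "Image": "C:\\Windows\\System32\\svchost.exe", "ImageLoaded": "C:\\Windows\\System32\\ntdll.dll", "Signed": "true"}
{"EventID": 7, "Image": "C:\\Windows\\System32\\inetsrv\\w3wp.exe", "ImageLoaded": "C:\\ProgramData\\update\\helper.dll", "Signed": "false"}
{"EventID": 7, "Image": "C:\\Program Files\\Vendor\\app.exe", "ImageLoaded": "C:\\Program Files\\Vendor\\plugin.dll", "Signed": "false"}
{"EventID": 3, "Image": "C:\\Program Files\\OpenSSH\\ssh.exe", "DestinationIp": "203.0.113.10", "DestinationPort": 22}
{"EventID": 3, "Image": "C:\\ProgramData\\update\\svchost.exe", "DestinationIp": "198.51.100.7", "DestinationPort": 22}
{"EventID": 3, "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "DestinationIp": "203.0.113.5", "DestinationPort": 443}
"""


def parse_events(text):
    """Parse newline-delimited JSON events, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def check_image_load(ev):
    """Sysmon Event ID 7: flag an unsigned DLL loaded from outside the trusted roots."""
    dll = ev.get("ImageLoaded", "")
    if str(ev.get("Signed", "")).lower() == "true":
        return None
    if dll.lower().startswith(TRUSTED_DLL_ROOTS):
        return None
    loader = ntpath.basename(ev.get("Image", ""))
    return "unsigned DLL %s loaded by %s" % (dll, loader)


def check_network(ev):
    """Sysmon Event ID 3: flag a port-22 connection from a process that is not a known SSH client."""
    if int(ev.get("DestinationPort", 0)) != SSH_PORT:
        return None
    proc = ntpath.basename(ev.get("Image", "")).lower()
    if proc in KNOWN_SSH_CLIENTS:
        return None
    return "unexpected SSH connection to %s from %s" % (ev.get("DestinationIp", "?"), ev.get("Image", ""))


# Dispatch table: Sysmon event ID -> rule function.
RULES = {7: check_image_load, 3: check_network}


def scan(text):
    """Run every applicable rule over the events and return the list of alert strings."""
    alerts = []
    for ev in parse_events(text):
        rule = RULES.get(ev.get("EventID"))
        if rule is None:
            continue
        hit = rule(ev)
        if hit:
            alerts.append(hit)
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print("ALERT:", alert)
```

Running the block against the constructed events produces two alerts: the unsigned `helper.dll` loaded by the IIS worker `w3wp.exe` from `C:\ProgramData`, and the port-22 connection from a `svchost.exe` copy living in `C:\ProgramData`. Note the deliberate limitation: the SSH allowlist matches on file name only, so a malicious binary renamed to `ssh.exe` would pass the network rule; in production, pair the name check with the image's signature or full path, and treat a legitimate SSH client spawned by a server process such as `w3wp.exe` as its own alert.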
Source: The Hacker News

Read full article: https://thehackernews.com/2024/12/irans-charming-kitten-deploys-bellacpp.html

The above summary has been generated by an AI language model


Published on: December 25, 2024
