| Category | Details |
|---|---|
| Threat Actors | • Charming Kitten (also tracked as APT35, CALANQUE, Mint Sandstorm, TA453 and Yellow Garuda), a group affiliated with Iran's Islamic Revolutionary Guard Corps (IRGC). |
| Campaign Overview | • Deployment of BellaCPP, a previously undocumented C++ variant of the BellaCiao malware. • BellaCPP was recovered from a compromised machine in Asia; BellaCiao has previously been used against targets in the United States, the Middle East and India. |
| Target Regions (Victims) | • United States, Middle East, India and Asia. |
| Methodology | • Social engineering campaigns for initial access. • Exploitation of known vulnerabilities in Microsoft Exchange Server and Zoho ManageEngine. |
| Product Targeted | • Internet-facing applications, specifically Microsoft Exchange Server and Zoho ManageEngine. |
| Malware Reference | • BellaCiao (original .NET-era variant). • BellaCPP (C++ variant). |
| Tools Used | • BellaCiao (dropper that delivers follow-on payloads). • BellaCPP (C++ variant with SSH tunneling capability). |
| Vulnerabilities Exploited | • Known, publicly disclosed flaws in Microsoft Exchange Server and Zoho ManageEngine (specific CVE identifiers are not listed). |
| TTPs | • Social engineering for initial access. • Exploitation of vulnerabilities in public-facing applications. • SSH tunneling for covert connectivity. |
| Attribution | • Charming Kitten, an APT group linked to Iran's IRGC. |
| Recommendations | • Patch known vulnerabilities in Microsoft Exchange Server and Zoho ManageEngine, prioritising internet-facing instances. • Strengthen defences against social engineering (user awareness, phishing-resistant authentication). • Monitor for suspicious DLL activity, such as DLLs loaded from unexpected locations or by processes that should not load them. |
| Source | The Hacker News |
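To make the last recommendation concrete, here is an added example of a triage filter over Sysmon Event ID 7 (ImageLoad) records; it is not code from the article or from the underlying BellaCPP analysis. The field names (Image, ImageLoaded, Signed, SignatureStatus) are Sysmon's own, but the tab-separated key=value rendering, the trusted-directory list, the sensitive-process list and the sample records are constructed for illustration and are not BellaCiao or BellaCPP indicators, which the summary above does not provide. Sysmon only emits Event 7 when the configuration enables ImageLoad logging.

```python
"""Triage filter for Sysmon Event ID 7 (ImageLoad) records.

Added example, not code from the article or from the BellaCPP report.
Assumptions: the field names (Image, ImageLoaded, Signed, SignatureStatus)
are Sysmon's own; the tab-separated key=value rendering, the trusted-directory
list, the sensitive-process list and the sample records are constructed for
illustration and are not BellaCiao/BellaCPP indicators.
"""

from dataclasses import dataclass

# Directories from which Windows and well-behaved software normally load DLLs
# (assumption: anything outside these is worth a look; tune per environment).
TRUSTED_DIRS = (
    "c:/windows/system32/",
    "c:/windows/syswow64/",
    "c:/program files/",
    "c:/program files (x86)/",
)

# Processes that should practically never load DLLs from user-writable paths;
# w3wp.exe is included because Exchange's front-end code runs in IIS workers.
SENSITIVE_PROCESSES = {"w3wp.exe", "lsass.exe", "svchost.exe", "services.exe"}


@dataclass
class ImageLoad:
    """Subset of Sysmon Event ID 7 fields used by the filter."""
    process: str           # Image: the process that loaded the DLL
    image_loaded: str      # ImageLoaded: path of the DLL
    signed: bool           # Signed: "true"/"false"
    signature_status: str  # SignatureStatus: e.g. "Valid"


def normalize(path: str) -> str:
    """Lower-case and forward-slash a Windows path for prefix comparison."""
    return path.lower().replace("\\", "/")


def parse_sysmon_line(line: str) -> ImageLoad:
    """Parse one constructed 'Key=Value<TAB>Key=Value...' rendering of an event."""
    fields = dict(part.split("=", 1) for part in line.rstrip("\n").split("\t"))
    return ImageLoad(
        process=fields["Image"],
        image_loaded=fields["ImageLoaded"],
        signed=fields.get("Signed", "false").lower() == "true",
        signature_status=fields.get("SignatureStatus", ""),
    )


def suspicious_reasons(ev: ImageLoad) -> list[str]:
    """Return the reasons a record deserves review; an empty list means benign."""
    reasons = []
    dll = normalize(ev.image_loaded)
    proc_name = normalize(ev.process).rsplit("/", 1)[-1]
    in_trusted_dir = dll.startswith(TRUSTED_DIRS)
    if not in_trusted_dir:
        reasons.append(f"DLL loaded from a non-standard path: {ev.image_loaded}")
    if not ev.signed or ev.signature_status.lower() != "valid":
        reasons.append("DLL is unsigned or its signature did not validate")
    if proc_name in SENSITIVE_PROCESSES and not in_trusted_dir:
        reasons.append(f"sensitive process {proc_name} loaded a DLL from outside trusted directories")
    return reasons


def triage(lines: list[str]) -> list[tuple[str, list[str]]]:
    """Run the filter over raw records and return (ImageLoaded, reasons) for hits."""
    hits = []
    for line in lines:
        ev = parse_sysmon_line(line)
        reasons = suspicious_reasons(ev)
        if reasons:
            hits.append((ev.image_loaded, reasons))
    return hits


# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    # Benign: a service host loading a signed DLL from System32.
    "Image=C:\\Windows\\System32\\svchost.exe\tImageLoaded=C:\\Windows\\System32\\ntdll.dll"
    "\tSigned=true\tSignatureStatus=Valid",
    # Suspicious: an IIS worker loading an unsigned DLL from a temp directory.
    "Image=C:\\Windows\\System32\\inetsrv\\w3wp.exe\tImageLoaded=C:\\Windows\\Temp\\update.dll"
    "\tSigned=false\tSignatureStatus=Unavailable",
    # Suspicious: a signed DLL is still loaded from a user-writable directory.
    "Image=C:\\Users\\alice\\AppData\\Local\\Temp\\setup.exe"
    "\tImageLoaded=C:\\Users\\alice\\AppData\\Local\\Temp\\helper.dll"
    "\tSigned=true\tSignatureStatus=Valid",
]

if __name__ == "__main__":
    for dll, reasons in triage(SAMPLE_EVENTS):
        print(dll)
        for r in reasons:
            print("  -", r)
```

The filter is deliberately path- and signature-based rather than hash-based: a dropper that writes a fresh DLL to a temp directory and loads it from a web-server or service process is caught without any prior knowledge of the sample, whereas a hash list would miss a recompiled variant. Expect noise from legitimately unsigned vendor DLLs; extend TRUSTED_DIRS per host role instead of suppressing the rule.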
Read full article: https://thehackernews.com/2024/12/irans-charming-kitten-deploys-bellacpp.html
The above summary has been generated by an AI language model