In December 2024, cybersecurity researchers identified a new variant of the BellaCiao malware, dubbed In December 2024, cybersecurity experts discovered BellaCPP, a new iteration of the BellaCiao malware developed by the Iranian hacking group, Charming Kitten. Known for their state-sponsored cyber operations, this group has taken a significant step forward by introducing BellaCPP, a C++ version of the original BellaCiao malware.
What is BellaCiao?
BellaCiao first appeared in April 2023, targeting systems using .NET-based payloads. This malware is infamous for its ability to plant backdoors, maintain persistence, and establish hidden tunnels to siphon data from compromised machines. The emergence of BellaCPP marks an evolution in their arsenal, signaling a shift toward more efficient and stealthier operations.
BellaCPP: A Closer Look
Kaspersky researchers identified BellaCPP during an analysis of a compromised system in Asia, where it was found alongside the original BellaCiao. Unlike its predecessor, BellaCPP is reengineered in C++ and functions as a Windows service. This revamped version omits the web shell component, likely to avoid detection, demonstrating Charming Kitten’s adaptive approach to their cyber tools.
Charming Kitten’s Cyber Campaigns
Charming Kitten, also known as APT35, is a cyber-espionage group tied to Iran’s Islamic Revolutionary Guard Corps (IRGC). Their campaigns typically involve exploiting known vulnerabilities in widely used software like Microsoft Exchange Server and Zoho ManageEngine. The group also uses customized malware and elaborate social engineering tactics to infiltrate networks in regions such as the U.S., the Middle East, and India.
What Can Organizations Do?
The introduction of BellaCPP emphasizes the importance of staying ahead of evolving threats. Here are some actionable steps organizations should consider:
- Stay Updated: Monitor threat intelligence reports to understand the tactics and tools of groups like Charming Kitten.
- Apply Critical Patches: Ensure all systems, especially externally facing ones, are updated and patched regularly to close known vulnerabilities.
- Strengthen Security Measures: Deploy advanced monitoring tools to identify unusual network behaviors that may indicate a breach.
- Conduct Regular Security Assessments: Regular audits can help uncover and address potential vulnerabilities before attackers exploit them.
Learn More About BellaCPP
For a comprehensive analysis of BellaCPP and its technical details, check out Kaspersky’s full report. Staying informed and proactive is key to mitigating risks posed by advanced threats like Charming Kitten.
