Saturday, July 13, 2024
Saturday, July 13, 2024
Get the Daily
Briefing by Email


Unpacking BellaCiao: A Closer Look at Iran’s Latest Malware

Martin Zugec
Bitdefender, Apr. 26, 2023

“Quick weaponization of publicly disclosed PoCs is the “new” winning formula for both financially motivated and state-sponsored threat actors.”
With recent reports that Charming Kitten group (aka Mint Sandstorm) is actively targeting critical infrastructure in the US and other countries, we would like to share the most recent insights from Bitdefender Labs about the modernization of Charming Kitten’s tactics, techniques, and procedures, including a new, previously unseen malware. This malware is tailored to suit individual targets and exhibits a higher level of complexity, evidenced by a unique communication approach with its command-and-control (C2) infrastructure. 

The name used by malware developers is BellaCiao, a reference to the Italian folk song about resistance fighting. We have identified multiple victims in the United States and Europe, but also in the Middle East (Turkey) or India. 

Who is Charming Kitten?

Charming Kitten (also known as APT35/APT42, Mint Sandstorm/PHOSPHORUS, ITG18, UNC788, Yellow Garuda or TA453) is an Iranian state-sponsored APT group associated with the Islamic Revolutionary Guard Corps (IRGC).  

Charming Kitten has been on the radar of the infosec community since 2014, and was infamous for targeting political dissidents, activists, journalists, and individuals protesting oppressive regimes. While this group mostly relied on social engineering and spear phishing to achieve its goals, it was known for using sophisticated methods, including impersonation of well-known researchers or activists

.… [To read the full article, click here]

Donate CIJR

Become a CIJR Supporting Member!

Most Recent Articles

Britain Moves Left, But How Far?

Editorial WSJ, July 5, 2024   “Their failures created an opening for Reform UK, led by Nigel Farage, a party promising stricter immigration controls and the lower-tax policies...


"For the second time this year, it is my greatest merit to lead you into battle and to fight together.  On this day 80...

Day 5 of the War: Israel Internalizes the Horrors, and Knows Its Survival Is...

David Horovitz Times of Israel, Oct. 11, 2023 “The more credible assessments are that the regime in Iran, avowedly bent on Israel’s elimination, did not work...

Sukkah in the Skies with Diamonds

  Gershon Winkler, Oct. 14, 2022 “But my father, he was unconcerned that he and his sukkah could conceivably - at any moment - break loose...

Subscribe Now!

Subscribe now to receive the
free Daily Briefing by email

  • This field is for validation purposes and should be left unchanged.

  • Subscribe to the Daily Briefing

  • This field is for validation purposes and should be left unchanged.