The Iran-linked APT group Charming Kitten has been observed using a C++ variant of the BellaCiao malware, named BellaCPP. BellaCiao, a .NET-based malware, combines webshell persistence with covert tunneling. The malicious code was first spotted in April 2023 by Bitdefender; its PDB paths reveal valuable insights, including a versioning scheme. Recently, investigators discovered a BellaCiao malware sample on a computer in Asia, along with a related C++ reimplementation of an older BellaCiao vers
bellaciao (2)
The nasty Iranian nation-state APT group known as Charming Kitten is actively targeting multiple victims in the US, Europe, the Middle East, and India with a new malware named BellaCiao, adding to its ever-expanding list of custom tools. Discovered by Bitdefender Labs, BellaCiao is a "Personalized dropper" that is capable of delivering other malware payloads onto a victim machine based on commands received from an actor-controlled server. The attackers appear to customize their attacks for eac