The Iran-linked APT group Charming Kitten has been observed using a C++ variant of the BellaCiao malware, named BellaCPP. BellaCiao, a .NET-based malware, combines webshell persistence with covert tunneling. The malicious code was first spotted in April 2023 by Bitdefender, its PDB paths reveal valuable insights, including a versioning scheme. Recently investigators discovered a BellaCiao malware sample on a computer in Asia, along with a related C++ reimplementation of an older BellaCiao vers
