Charming Kitten, an Iranian state-sponsored APT group, has been using a novel malware called BellaCiao to target victims in the U.S., Europe, the Middle East, and India.
The malware is a personalized dropper that is capable of delivering other malware payloads to a victim machine based on commands from an actor-controlled server.
Bitdefender Labs has discovered that the malware is used to deploy backdoors in systems, disable Microsoft Defender, and establish persistence on the host.
It is also used to deploy web shells and Plink tools to allow the attackers to upload and download files and run commands.
To protect against modern attacks, Bitdefender recommends reducing the attack surface and promptly patching newly discovered vulnerabilities.