Charming Kitten | Breaking Cybersecurity News | The Hacker News

The Iranian nation-state hacking group known as Charming Kitten has been observed deploying a C++ variant of a known malware called BellaCiao. Russian cybersecurity company Kaspersky, which dubbed the new version BellaCPP , said it discovered the artifact as part of a "recent" investigation into a compromised machine in Asia that was also infected with the BellaCiao malware. BellaCiao was first documented by Romanian cybersecurity firm Bitdefender in April 2023, describing it as a custom dropper capable of delivering additional payloads. The malware has been deployed by the hacking group in cyber attacks targeting the United States, the Middle East, and India. It's also one of the many bespoke malware families the Charming Kitten actor has developed over the years. Affiliated with Iran's Islamic Revolutionary Guard Corps (IRGC), the advanced persistent threat (APT) group is also known by the monikers APT35, CALANQUE, Charming Kitten, CharmingCypress, ITG18, Mint...

The Iranian-origin threat actor known as Charming Kitten has been linked to a new set of attacks aimed at Middle East policy experts with a new backdoor called  BASICSTAR  by creating a fake webinar portal. Charming Kitten, also called APT35, CharmingCypress, Mint Sandstorm, TA453, and Yellow Garuda, has a history of orchestrating a wide range of social engineering campaigns that cast a wide net in their targeting, often singling out think tanks, NGOs, and journalists. "CharmingCypress often employs unusual social engineering tactics, such as engaging targets in prolonged conversations over email before sending links to malicious content," Volexity researchers Ankur Saini, Callum Roxan, Charlie Gardner, and Damien Cash  said . Last month, Microsoft  revealed  that high-profile individuals working on Middle Eastern affairs have been targeted by the adversary to deploy malware such as MischiefTut and MediaPl (aka EYEGLASS) that are capable of harvesting sensit...

Germany's Federal Office for the Protection of the Constitution (BfV) has warned of cyber attacks targeting Iranian persons and organizations in the country since the end of 2022. "The cyber attacks were mainly directed against dissident organizations and individuals – such as lawyers, journalists, or human rights activists – inside and outside Iran," the agency  said  in an advisory. The intrusions have been attributed to a threat actor called  Charming Kitten , which is also tracked under the names APT35, Mint Sandstorm, TA453, and Yellow Garuda. While Iranian nation-state actors lag behind their Russian and Chinese counterparts in sophistication, they have demonstrated a continued advancement of tools and techniques, adding an arsenal of custom malware to facilitate information gathering and rapidly exploiting n-day security flaws to obtain initial access. Charming Kitten, in particular, has a long,  storied history  of leveraging elaborate social engin...

A state-sponsored advanced persistent threat (APT) actor newly christened APT42 (formerly UNC788) has been attributed to over 30 confirmed espionage attacks against individuals and organizations of strategic interest to the Iranian government at least since 2015. Cybersecurity firm Mandiant said the group operates as the intelligence gathering arm of Iran's Islamic Revolutionary Guard Corps (IRGC), not to mention shares partial overlaps with another cluster called  APT35 , which is also known as Charming Kitten, Cobalt Illusion, ITG18, Phosphorus, TA453, and Yellow Garuda. APT42 has exhibited a propensity to strike various industries such as non-profits, education, governments, healthcare, legal, manufacturing, media, and pharmaceuticals spanning at least 14 countries, including in Australia, Europe, the Middle East, and the U.S. Intrusions aimed at the pharmaceutical sector are also notable for the fact that they commenced at the onset of the COVID-19 pandemic in March 2020, i...