Iranian state-sponsored hacking group Charming Kitten has been identified as the group behind a series of attacks targeting critical infrastructure in the United States and elsewhere. The group, also known by a variety of other names, has been actively operating since 2011 and has targeted activists, journalists, and organisations in multiple countries.
Earlier this month, Microsoft announced the group had been linked to cyber attacks on US critical infrastructure. Now, according to a new report from security researchers at anti-virus firm Bitdefender, a new weapon has been added to the group’s arsenal. The weapon is custom-developed malware known as BellaCiao, which is designed to evade detection and contains unique code.
The malware contains specific company names, specially crafted subdomains, and associated IP addresses, and it attempts to disable Microsoft Defender, open backdoors, launch further attacks, and exfiltrate credentials. It is not yet known how the group initially gains access to networks to plant the malware.
Organisations should take precautions to ensure their systems are well maintained, protected by strong and unique passwords, and patched against software vulnerabilities.
In summary, Iranian state-sponsored hacking group Charming Kitten has been linked to a series of attacks targeting critical infrastructure in the US and elsewhere. The group has added a new weapon to its arsenal in the form of custom-developed malware called BellaCiao, which can evade detection, open backdoors, and exfiltrate credentials. Organisations should take precautions to ensure their systems are secure and protected against potential threats.
Key Points:
• Charming Kitten is a state-sponsored hacking group from Iran
• The group has been linked to attacks on US critical infrastructure
• The group has developed custom malware called BellaCiao
• BellaCiao is designed to evade detection and open backdoors
• Organisations should take precautions to ensure their systems are secure