The Iranian government-backed hacking group Charming Kitten has been named as the group responsible for a new wave of attacks targeting critical infrastructure in the United States and elsewhere.
The group (known by various names among security researchers, including Mint Sandstorm, Phosphorus, Newscaster and APT35) has been active since at least 2011, making a name for itself by targeting activists and journalists in the Middle East, as well as organizations in the United States, United Kingdom and Israel.
Earlier this month, Microsoft announced that the group, affiliated with Iran’s Islamic Revolutionary Guard Corps, was involved in cyberattacks against critical US infrastructure from late 2021 to mid-2022.
And now, according to a new report from security researchers at antivirus company Bitdefender, the malicious hackers have added a new weapon to their arsenal to evade detection.
According to Bitdefender Labs experts, Charming Kitten has produced multiple samples of malware called BellaCiao, each tailored to a specific victim and each containing a specific company name, specially crafted subdomains and associated IP addresses.
“Custom-developed malware, also known as ‘customized’ malware, is typically hard to detect because it contains unique code specifically written to evade detection,” said the researchers.
Each malware sample reveals details about the specific victim organization for which it was customized. This means that information about the samples is tightly controlled, as it could lead to the victims being identified.
BellaCiao, presumably named after the Italian folk song of freedom and resistance, attempts to disable Microsoft Defender and opens a backdoor through which remote actors can send commands to launch further attacks and attempt to steal information such as credentials.
It is not yet known how the group first entered the networks and planted the malware, but organizations would be wise to ensure that systems are well managed, that weak or reused passwords are not used, and that patches are applied for software vulnerabilities.
A full list of indicators of compromise can be found in the technical blog post from Bitdefender Labs.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire.