Researchers found a new sophisticated variant of BellaCiao malware named BellaCPP

The Iran-linked APT group Charming Kitten has been observed using a C++ variant of the BellaCiao malware, dubbed BellaCPP.

Russian cybersecurity company Kaspersky, which dubbed the new version BellaCPP, said it discovered it as part of a “recent” investigation into a compromised machine in Asia that was also infected with the BellaCiao malware.

This sophisticated variant, written in C++, significantly differs from the group’s earlier tools, which were predominantly scripted in other languages.

Advanced Features of BellaCPP

BellaCPP is a multi-functional tool capable of conducting data exfiltration, system reconnaissance, and command execution.

Its modular architecture enables seamless updates and adaptability, making it a formidable threat. Unlike previous variants, BellaCPP uses advanced techniques to evade detection by antivirus software and network monitoring tools.

Aimed Targets and Operational Goals

The malware is believed to target governmental entities, academic institutions, and critical infrastructure across various regions.

Experts have linked BellaCPP’s activity to nation-state-sponsored campaigns, emphasizing its role in broader espionage operations.

Researchers’ Findings

The researchers noted the encryption mechanisms embedded within the malware, designed to protect its communication channels from interception. This evolution aligns with the group’s increasing focus on operational security and stealth tactics.

Once deployed, BellaCPP creates a secure communication channel with its command-and-control (C2) servers, allowing attackers to exfiltrate data stealthily.

Charming Kitten, also known as APT35, Turk Black Hat, Ajax Security Team and Phosphorus, is notorious for its highly targeted attacks. BellaCPP, a novel addition to its arsenal, demonstrates the group’s evolving capabilities.

The malware is engineered to infiltrate secure systems, extract sensitive data, and maintain persistence, enabling long-term espionage operations.

APT35 primarily targets organizations in North America, Europe, and the Middle East, with a focus on sectors handling sensitive information.

Charming Kitten’s activities with BellaCPP highlight the increasing danger posed by nation-state-backed cyber campaigns.