At a glance.
- BellaCiao malware, from Iran's IRGC.
- PingPull, malware used by the Chinese government-affiliated Taurus Group.
- CVE-2023-29552, a critical-severity Service Location Protocol vulnerability.
- Ransomware continues to be a pervasive international threat.
- An overview of hacktivism (much of it Russian).
- Ukraine continues to collect evidence of Russian war crimes.
BellaCiao malware, from Iran's IRGC.
Iran’s APT Charming Kitten, sponsored by Tehran’s Islamic Revolutionary Guard Corps (IRGC), has been seen using a new strain of malware known as BellaCiao, Bitdefender reported this morning. The group, known also by many other names (including Mint Sandstorm, Phosphorus, APT35, and APT42), uses this individually tailored dropper to deliver payloads from its command-and-control (C2) server. Bitdefender said that “Each sample collected was tied up to a specific victim and included hardcoded information such as company name, specially crafted subdomains, or associated public IP address.” The malware has been seen in use against victims in the US and Europe, but also against targets in Turkey and India. The exact point of infection is unknown, but researchers conjecture an exploit chain against a Microsoft Exchange software vulnerability, or something similar. The researchers suspect the Italian moniker for this Iranian-native malware, BellaCiao, may be a reference to the folk song of the same name about resistance fighters.