The new malware from APT 35 already attacks critical systems.
Researchers have discovered a new malware called Cyclops, which was probably developed by the "Charming Kitten" group (APT 35). This software first appeared in December 2023 and began to be used against targets in the Middle East as early as 2024. Cyclops allows attackers to execute commands on infected devices and break into networks for further attacks. The malware is managed via an HTTP REST API, which can be accessed via an SSH tunnel.
According to the data, Cyclops was created as a replacement for the previously known BellaCiao malware. This is confirmed by the similarity of working methods and goals of both programs. The main features of Cyclops include executing arbitrary commands, manipulating the file system, and using an infected device to spread an attack inside the network.
So far, only a few instances of this malware have been detected, which indicates its recent appearance and possibly limited distribution. Cyclops was probably used to attack organizations operating in Lebanon and Afghanistan.
It is noted that the development of Cyclops was completed in December 2023, shortly after the use of BellaCiao ceased. This indicates a direct link between these two malicious programs and their authors.
Researchers believe that Cyclops may represent a new stage in the activities of "Charming Kitten", a group known for its attacks on various targets, including attempts to interfere in the US election. Analysis of Cyclops and its infrastructure helps us better understand the actions of this group and counter its new threats.
Source