{"id":51683,"date":"2023-04-28T20:18:35","date_gmt":"2023-04-28T20:18:35","guid":{"rendered":"https:\/\/www.darkreading.com\/cloud\/bellaciao-showcases-iran-threat-groups-modernizing-malware"},"modified":"2023-04-28T20:18:35","modified_gmt":"2023-04-28T20:18:35","slug":"bellaciao-showcases-how-irans-threat-groups-are-modernizing-their-malware","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/bellaciao-showcases-how-irans-threat-groups-are-modernizing-their-malware\/","title":{"rendered":"&#8216;BellaCiao&#8217; Showcases How Iran&#8217;s Threat Groups Are Modernizing Their Malware"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltac84b29468844221\/644c2496a45ef626f2c0f40d\/iran_DD_Images_shuttestock.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>A new malware strain that has been landing on systems belonging to organizations in the US, Europe, Turkey, and India has provided another indication of how Iran&#8217;s state-backed cyber-threat groups have been systematically modernizing their arsenals in recent years.<\/p>\n<p>The malware, dubbed &#8220;BellaCiao,&#8221; is a dropper that Iran&#8217;s Charming Kitten advanced persistent threat (APT) group has been using in a highly targeted manner in recent months to gain and maintain unobtrusive initial access on target systems.<\/p>\n<h2 class=\"regular-text\" readability=\"44.922356091031\">A Highly Customized Threat<\/h2>\n<p>Researchers at Bitdefender discovered the new malware when investigating activity related to three other recent malware tools associated with Charming Kitten. 
Their analysis of the malicious code \u2014 <a href=\"https:\/\/www.bitdefender.com\/blog\/businessinsights\/unpacking-bellaciao-a-closer-look-at-irans-latest-malware\/\" target=\"_blank\" rel=\"noopener\">summarized in a blog post this week<\/a> \u2014 uncovered a couple of features that set it apart from many other malware samples.<\/p>\n<p>One was the specifically targeted nature of the dropper that ended up on each victim&#8217;s system. The other was BellaCiao&#8217;s unique and hard-to-detect style of communicating with its command-and-control (C2) server.<\/p>\n<p>&#8220;Each sample we&#8217;ve collected is custom-built for each victim,&#8221; says Martin Zugec, technical solutions director at Bitdefender. Each sample includes hard-coded information that is specific to the victim organization, such as the company&#8217;s name, public IP addresses, and specially crafted subdomains.<\/p>\n<p>Charming Kitten&#8217;s apparent intention in making the malware victim-specific is to blend in on host systems and networks, Zugec says. For instance, the subdomains and IP addresses the malware uses in interacting with the C2 are similar to the real domain and public IP addresses of the victim. Bitdefender&#8217;s analysis of the malware&#8217;s build information showed its authors had organized victims in different folders with names that indicated the countries in which they were located. The security vendor found that Charming Kitten actors used victim-optimized versions of BellaCiao, even when the target victim was from a noncritical sector.<\/p>\n<h2 class=\"regular-text\">Unique Approach to Receiving C2 Commands<\/h2>\n<p>Zugec says the manner in which BellaCiao interacts with the C2 server and receives commands from it is also unique. &#8220;The communication between implant and C2 infrastructure is based on DNS name resolution,&#8221; he explains. There is no active communication that is detectable between the implant and the malicious C2 infrastructure. 
&#8220;[Infected hosts] asks Internet servers for a DNS name resolution, and based on the format of returned IP address, decides which action to take.&#8221; The format of each segment of the IP address \u2014 or octet \u2014 specifies further instructions to the malware, such as the location where to drop stolen information, Zugec says.<\/p>\n<p>Zugec likens the manner in which BellaCiao uses DNS information to retrieve C2 instructions to how someone might convey specific information to another person via a phone number. When an individual looks up a specific name in the phone book, the associated telephone number could be code for something else. &#8220;In this analogy, country code can tell you the action to execute, area code tells you the malware to deploy, and phone number specifies the location where to deploy it. There is never any direct contact between C2 and the agent\/implant.&#8221; The approach makes it hard for defenders to spot the activity. &#8220;Our hypothesis is that the aim of BellaCiao is to evade detection during the period between the initial infiltration and the actual commencement of the attack,&#8221; Zugec says.<\/p>\n<p>DNS-based attacks themselves are not completely new, Zugec says, pointing to techniques like DNS tunneling and the use of domain generation algorithms in attacks. But those techniques involve active use of DNS, which makes it possible for a defender to detect malicious intent. With BellaCiao, the usage is completely passive, he says.<\/p>\n<h2 class=\"regular-text\">The Face of a More Aggressive Approach<\/h2>\n<p>Charming Kitten (aka APT35 and Phosphorus) is a state-backed Iranian cyber threat group that has been operational since at least 2014. The threat actor has been associated with numerous sophisticated spear-phishing attacks against targets that have included government agencies, journalists, think tanks, and academic institutions. 
One of its primary missions has been to collect information on people and entities of interest to the Iranian government. Security researchers have also associated Charming Kitten with <a href=\"https:\/\/www.darkreading.com\/endpoint\/charming-kitten-apt-wields-new-scraper-to-steal-email-inboxes\" target=\"_blank\" rel=\"noopener\">credential harvesting<\/a> and malware distribution campaigns. Last year, Proofpoint identified the group as even using <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/iran-backed-charming-kitten-apt-eyes-kinetic-ops-kidnapping\" target=\"_blank\" rel=\"noopener\">phishing lures in kinetic attacks<\/a> \u2014 such as attempted kidnapping.<\/p>\n<p>Charming Kitten is among several threat groups that have been upgrading tactics and their cyber arsenals in support of Iranian government objectives since mid-2021 after Ebrahim Raisi replaced the more moderate Hassan Rouhani as the president of Iran. &#8220;After a transition of power in 2021, the [Islamic Revolutionary Guards Corps] and associated APT groups adopted a more aggressive and confrontational approach and demonstrated a willingness to use force to achieve its objectives,&#8221; Bitdefender said in its report this week.<\/p>\n<p>One manifestation of the new approach is the increasingly quick weaponization of newly disclosed exploits and proof-of-concept code by Iranian state-sponsored actors and financially motivated threat groups. &#8220;It is premature to discuss the motivations of Iranian state-sponsored groups following the power transition in 2021,&#8221; Zugec says. &#8220;[But] these groups are enhancing their attack strategies and refining their tactics, techniques, and procedures.&#8221;<\/p>\n<p>Ransomware attacks continue to be a common method among Iranian groups for monetary gain and for causing disruptions. But Bitdefender has also observed a pattern of sustained involvement by Iranian groups in some campaigns, suggesting long-term objectives. 
&#8220;It is quite possible that these threat actors are employing a trial-and-error approach to test various techniques,&#8221; Zugec notes, &#8220;in order to determine the most effective modus operandi for their operations.&#8221;<\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/cloud\/bellaciao-showcases-iran-threat-groups-modernizing-malware\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The dropper is being used in a Charming Kitten APT campaign that has hit organizations in multiple countries.Read More <a href=\"https:\/\/www.darkreading.com\/cloud\/bellaciao-showcases-iran-threat-groups-modernizing-malware\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-51683","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>&#039;BellaCiao&#039; Showcases How Iran&#039;s Threat Groups Are Modernizing Their Malware 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/bellaciao-showcases-how-irans-threat-groups-are-modernizing-their-malware\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"&#039;BellaCiao&#039; Showcases How Iran&#039;s Threat Groups Are Modernizing Their Malware 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/bellaciao-showcases-how-irans-threat-groups-are-modernizing-their-malware\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-04-28T20:18:35+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltac84b29468844221\/644c2496a45ef626f2c0f40d\/iran_DD_Images_shuttestock.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bellaciao-showcases-how-irans-threat-groups-are-modernizing-their-malware\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bellaciao-showcases-how-irans-threat-groups-are-modernizing-their-malware\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"&#8216;BellaCiao&#8217; Showcases How Iran&#8217;s Threat Groups Are Modernizing Their Malware\",\"datePublished\":\"2023-04-28T20:18:35+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bellaciao-showcases-how-irans-threat-groups-are-modernizing-their-malware\\\/\"},\"wordCount\":920,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bellaciao-showcases-how-irans-threat-groups-are-modernizing-their-malware\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltac84b29468844221\\\/644c2496a45ef626f2c0f40d\\\/iran_DD_Images_shuttestock.jpg\",\"articleSection\":[\"DarkReading 
|TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bellaciao-showcases-how-irans-threat-groups-are-modernizing-their-malware\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bellaciao-showcases-how-irans-threat-groups-are-modernizing-their-malware\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bellaciao-showcases-how-irans-threat-groups-are-modernizing-their-malware\\\/\",\"name\":\"'BellaCiao' Showcases How Iran's Threat Groups Are Modernizing Their Malware 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bellaciao-showcases-how-irans-threat-groups-are-modernizing-their-malware\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bellaciao-showcases-how-irans-threat-groups-are-modernizing-their-malware\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltac84b29468844221\\\/644c2496a45ef626f2c0f40d\\\/iran_DD_Images_shuttestock.jpg\",\"datePublished\":\"2023-04-28T20:18:35+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bellaciao-showcases-how-irans-threat-groups-are-modernizing-their-malware\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bellaciao-showcases-how-irans-threat-groups-are-modernizing-their-malware\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bellaciao-showcases-how-irans-threat-groups-are-modernizing-their-malware\\\/#primaryimage\",\"url\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltac84b29468844221\\\/644c2496a45ef626f2c0f40d\\\/iran_DD_Images_shuttestock.jpg\",\"contentUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltac84b29468844221\\\/644c2496a45ef626f2c0f40d\\\/iran_DD_Images_shuttestock.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bellaciao-showcases-how-irans-threat-groups-are-modernizing-their-malware\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"&#8216;BellaCiao&#8217; Showcases How Iran&#8217;s Threat Groups Are Modernizing Their Malware\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 
Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH 
Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"'BellaCiao' Showcases How Iran's Threat Groups Are Modernizing Their Malware 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/bellaciao-showcases-how-irans-threat-groups-are-modernizing-their-malware\/","og_locale":"en_US","og_type":"article","og_title":"'BellaCiao' Showcases How Iran's Threat Groups Are Modernizing Their Malware 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/bellaciao-showcases-how-irans-threat-groups-are-modernizing-their-malware\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-04-28T20:18:35+00:00","og_image":[{"url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltac84b29468844221\/644c2496a45ef626f2c0f40d\/iran_DD_Images_shuttestock.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/bellaciao-showcases-how-irans-threat-groups-are-modernizing-their-malware\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/bellaciao-showcases-how-irans-threat-groups-are-modernizing-their-malware\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"&#8216;BellaCiao&#8217; Showcases How Iran&#8217;s Threat Groups Are Modernizing Their Malware","datePublished":"2023-04-28T20:18:35+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/bellaciao-showcases-how-irans-threat-groups-are-modernizing-their-malware\/"},"wordCount":920,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/bellaciao-showcases-how-irans-threat-groups-are-modernizing-their-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltac84b29468844221\/644c2496a45ef626f2c0f40d\/iran_DD_Images_shuttestock.jpg","articleSection":["DarkReading 
|TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/bellaciao-showcases-how-irans-threat-groups-are-modernizing-their-malware\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/bellaciao-showcases-how-irans-threat-groups-are-modernizing-their-malware\/","url":"https:\/\/www.threatshub.org\/blog\/bellaciao-showcases-how-irans-threat-groups-are-modernizing-their-malware\/","name":"'BellaCiao' Showcases How Iran's Threat Groups Are Modernizing Their Malware 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/bellaciao-showcases-how-irans-threat-groups-are-modernizing-their-malware\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/bellaciao-showcases-how-irans-threat-groups-are-modernizing-their-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltac84b29468844221\/644c2496a45ef626f2c0f40d\/iran_DD_Images_shuttestock.jpg","datePublished":"2023-04-28T20:18:35+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/bellaciao-showcases-how-irans-threat-groups-are-modernizing-their-malware\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/bellaciao-showcases-how-irans-threat-groups-are-modernizing-their-malware\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/bellaciao-showcases-how-irans-threat-groups-are-modernizing-their-malware\/#primaryimage","url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltac84b29468844221\/644c2496a45ef626f2c0f40d\/iran_DD_Images_shuttestock.jpg","contentUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltac84b29468844221\/644c2496a45ef626f2c0f40d\/iran_DD_Images_shuttestock.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/bellaciao-showcases-how-irans-threat-groups-are-modernizing-their-malware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"&#8216;BellaCiao&#8217; Showcases How Iran&#8217;s Threat Groups Are Modernizing Their Malware"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 
APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH 
Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/51683","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=51683"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/51683\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=51683"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=51683"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=51683"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}