/*! elementor-pro - v3.26.0 - 17-12-2024 */
(()=>{"use strict";class Screenshot extends elementorModules.ViewModule{getDefaultSettings(){return{empty_content_headline:"Empty Content.",crop:{width:1200,height:1500},excluded_external_css_urls:["https://kit-pro.fontawesome.com"],external_images_urls:["https://i.ytimg.com"],timeout:15e3,render_timeout:5e3,timerLabel:null,timer_label:`${ElementorScreenshotConfig.post_id} - timer`,image_placeholder:"data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=",isDebug:elementorCommonConfig.isElementorDebug,isDebugSvg:!1,...ElementorScreenshotConfig}}getDefaultElements(){const e=jQuery(ElementorScreenshotConfig.selector),t=e.find(".elementor-section-wrap > .elementor-section, .elementor > .elementor-section");return{$elementor:e,$sections:t,$firstSection:t.first(),$notElementorElements:elementorCommon.elements.$body.find("> *:not(style, link)").not(e),$head:jQuery("head")}}onInit(){return super.onInit(),this.log("Screenshot init","time"),this.timeoutTimer=setTimeout(this.screenshotFailed.bind(this),this.getSettings("timeout")),this.captureScreenshot()}captureScreenshot(){return this.elements.$elementor.length||(elementorCommon.helpers.consoleWarn("Screenshots: The content of this page is empty, the module will create a fake conent just for this screenshot."),this.createFakeContent()),this.removeUnnecessaryElements(),this.handleIFrames(),this.removeFirstSectionMargin(),this.handleLinks(),this.loadExternalCss(),this.loadExternalImages(),Promise.resolve().then(this.createImage.bind(this)).then(this.createImageElement.bind(this)).then(this.cropCanvas.bind(this)).then(this.save.bind(this)).then(this.screenshotSucceed.bind(this)).catch(this.screenshotFailed.bind(this))}createFakeContent(){this.elements.$elementor=jQuery("<div>").css({height:this.getSettings("crop.height"),width:this.getSettings("crop.width"),display:"flex",alignItems:"center",justifyContent:"center"}),this.elements.$elementor.append(jQuery("<h1>").css({fontSize:"85px"}).html(this.getSettings("empty_content_headline"))),document.body.prepend(this.elements.$elementor)}loadExternalCss(){const e=[this.getSettings("home_url"),...this.getSettings("excluded_external_css_urls")].map((e=>`[href^="${e}"]`)).join(", ");jQuery("link").not(e).each(((e,t)=>{const s=jQuery(t),n=s.clone();n.attr("href",this.getScreenshotProxyUrl(s.attr("href"))),this.elements.$head.append(n),s.remove()}))}loadExternalImages(){const e=this.getSettings("external_images_urls").map((e=>`img[src^="${e}"]`)).join(", ");jQuery(e).each(((e,t)=>{const s=jQuery(t);s.attr("src",this.getScreenshotProxyUrl(s.attr("src")))}))}handleIFrames(){this.elements.$elementor.find("iframe").each(((e,t)=>{const s=jQuery(t),n=jQuery("<div />",{css:{background:"gray",width:s.width(),height:s.height()}});s.before(n),s.remove()}))}removeUnnecessaryElements(){let e=0;this.elements.$sections.filter(((t,s)=>{let n=!1;return e>=this.getSettings("crop.height")&&(n=!0),e+=jQuery(s).outerHeight(),n})).each(((e,t)=>{t.remove()})),this.elements.$notElementorElements.remove()}handleLinks(){elementorCommon.elements.$body.find("a").attr("href","/")}removeFirstSectionMargin(){this.elements.$firstSection.css({marginTop:0})}createImage(){const e=new Promise((e=>{window.addEventListener("load",(()=>{e()}))})),t=new Promise((e=>{setTimeout((()=>{e()}),this.getSettings("render_timeout"))}));return Promise.race([e,t]).then((()=>{if(this.log("Start creating screenshot."),this.getSettings("isDebugSvg"))return domtoimage.toSvg(document.body,{imagePlaceholder:this.getSettings("image_placeholder")}).then((e=>this.download(e))),Promise.reject("Debug SVG.");return/^((?!chrome|android).)*safari/i.test(window.userAgent)?(this.log('Creating screenshot with "html2canvas"'),html2canvas(document.body).then((e=>e.toDataURL("image/png")))):(this.log('Creating screenshot with "dom-to-image"'),domtoimage.toPng(document.body,{imagePlaceholder:this.getSettings("image_placeholder")}))}))}download(e){const t=jQuery("<a/>",{href:e,download:"debugSvg.svg",html:"Download SVG"});elementorCommon.elements.$body.append(t),t.trigger("click")}createImageElement(e){const t=new Image;return t.src=e,new Promise((e=>{t.onload=()=>e(t)}))}cropCanvas(e){const t=this.getSettings("crop.width"),s=this.getSettings("crop.height"),n=document.createElement("canvas"),i=n.getContext("2d"),o=t/e.width;return n.width=t,n.height=s>e.height?e.height:s,i.drawImage(e,0,0,e.width,e.height,0,0,e.width*o,e.height*o),Promise.resolve(n)}save(e){return new Promise(((t,s)=>{elementorCommon.ajax.addRequest("screenshot_save",{data:{post_id:this.getSettings("post_id"),screenshot:e.toDataURL("image/png")},success:e=>{this.log(`Screenshot created: ${encodeURI(e)}`),t(e)},error:()=>{this.log("Failed to create screenshot."),s()}})}))}markAsFailed(){return new Promise(((e,t)=>{elementorCommon.ajax.addRequest("screenshot_failed",{data:{post_id:this.getSettings("post_id")},success:()=>{this.log("Marked as failed."),e()},error:()=>{this.log("Failed to mark this screenshot as failed."),t()}})}))}getScreenshotProxyUrl(e){return`${this.getSettings("home_url")}?screenshot_proxy&nonce=${this.getSettings("nonce")}&href=${e}`}screenshotSucceed(e){this.screenshotDone(!0,e)}screenshotFailed(e){this.log(e,null),this.markAsFailed().then((()=>this.screenshotDone(!1)))}screenshotDone(e){let t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:null;clearTimeout(this.timeoutTimer),this.timeoutTimer=null,window.parent.postMessage({name:"capture-screenshot-done",success:e,id:this.getSettings("post_id"),imageUrl:t},"*"),this.log(`Screenshot ${e?"Succeed":"Failed"}.`,"timeEnd")}log(e){let t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:"timeLog";this.getSettings("isDebug")&&(console.log("string"==typeof e?`${this.getSettings("post_id")} - ${e}`:e),t&&console[t](this.getSettings("timer_label")))}}jQuery((()=>{new Screenshot}))})();{"id":800,"date":"2024-11-17T16:03:56","date_gmt":"2024-11-17T16:03:56","guid":{"rendered":"https:\/\/thetach.com\/?p=800"},"modified":"2024-11-17T16:04:01","modified_gmt":"2024-11-17T16:04:01","slug":"iranian-hackers-deploy-wezrat-malware-in-attacks-targeting-israeli-organizations","status":"publish","type":"post","link":"https:\/\/thetach.com\/?p=800","title":{"rendered":"Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations"},"content":{"rendered":"\n<p>Specialists in <strong>cyber security<\/strong> identified a serious new threat in the sphere of <strong>hacker attacks<\/strong> carried out by Iran. These attacks employ <strong>WezRat malware<\/strong>: it is a remote access trojan as well as an information stealer. This advanced tool launched by Ir<strong>anian state-sponsored hackers<\/strong> to perpetrate the network, steal confidential information, and perform destructive operations. First identified through artifacts uploaded to <strong>VirusTotal<\/strong>, <strong>WezRat malware<\/strong> has been active since at least September 1, 2023. Their appearance can considered proof of the increased complexity of<strong> Iranian Hackers Attacks<\/strong>. They operate outside the visually seen defenses and this makes the hackers conduct huge unannounced raids. Such activity poses a grave threat to targeted organizations and their critical infrastructure.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Capabilities and Design of WezRat<\/strong><\/h2>\n\n\n\n<p><strong>WezRat malware<\/strong> exhibits highly advanced capabilities, making it a powerful tool in <strong>Iranian hacker attacks<\/strong>. It provides the attacker full functionality of commands, screenshot capture, file uploading, keystroke logging, clipboard content stealing, and cookies stealing. These two features give the attackers real-time command and control,\u0442\u0435\u0440 data theft permissions of the compromised systems thus escalating the effects of the attacks.<\/p>\n\n\n\n<p>As highlighted by cybersecurity firm <strong>Check Point<\/strong>, some functions of <strong>WezRat malware<\/strong> depend on separate modules retrieved from a <strong>command-and-control (C&amp;C)<\/strong> server. These modules, delivered as <strong>DLL files<\/strong>, reduce the visibility of the malware\u2019s main component, enhancing its stealth and effectiveness.<\/p>\n\n\n\n<p>The inclusion of modular functionality ensures <strong>WezRat<\/strong> remains undetected for longer periods during <strong>Iranian Hackers Attacks<\/strong>, enabling persistent access to compromised networks. Such sophisticated tactics underscore the advanced strategies employed by Iranian <strong>state-sponsored groups<\/strong> to achieve their malicious objectives.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Attribution to Cotton Sandstorm<\/strong><\/h2>\n\n\n\n<p>The development of <strong>WezRat malware<\/strong> linked to <strong>Cotton Sandstorm<\/strong>, a prominent hacking group notorious for conducting numerous <strong>Iranian hacker attacks<\/strong>. Previously known as <strong>Emennet Pasargad<\/strong> and more recently as <strong>Aria Sepehr Ayandehsazan (ASA)<\/strong>, this group has a documented history of engaging in high-profile <strong>cyberattacks<\/strong>.<\/p>\n\n\n\n<p>Reports from <strong>U.S. and Israeli cybersecurity agencies<\/strong>, published in late September 2023, detailed the capabilities and usage of <strong>WezRat malware<\/strong>. These reports confirmed that the malware serves as a powerful tool for gathering endpoint data and executing remote commands, further solidifying its association with <strong>Iranian hacker attacks<\/strong>.<\/p>\n\n\n\n<p><strong>Cotton Sandstorm\u2019s operations<\/strong> reflect a highly coordinated strategy aimed at disrupting systems, gathering intelligence, and maintaining long-term access to critical networks. By leveraging tools like <strong>WezRat malware<\/strong>, the group continues to pose significant challenges to global cybersecurity frameworks.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Deployment Strategy and Phishing Campaigns<\/strong><\/h2>\n\n\n\n<p><strong>WezRat malware<\/strong> widely distributed through targeted <strong>phishing campaigns<\/strong>, a hallmark of <strong>Iranian hacker attacks<\/strong>. These campaigns rely on deception to trick victims into downloading malware-laced files, compromising their systems.<\/p>\n\n\n\n<p>One particularly effective method involves the distribution of <strong>trojanized Google Chrome installers<\/strong>, deceptively named &#8220;Google Chrome Installer.msi.&#8221; While these installers deliver the legitimate Chrome browser, they also include a malicious binary called &#8220;Updater.exe&#8221; (internally referred to as &#8220;bd.exe&#8221;). Once active, the malware collects system information and establishes contact with its <strong>command-and-control server<\/strong> at &#8220;connect. il-cert[.]net,&#8221; awaiting further instructions to carry out malicious actions.<\/p>\n\n\n\n<p>Phishing emails impersonating the <strong>Israeli National Cyber Directorate (INCD)<\/strong> have been a primary vector for spreading <strong>WezRat malware<\/strong>. These emails, sent on October 21, 2024, originated  and urged recipients to install an urgent <strong>Chrome security update<\/strong>. This carefully crafted strategy exemplifies the high level of planning involved in <strong>Iranian Hackers Attacks<\/strong>, ensuring their campaigns reach specific, high-value targets.<\/p>\n\n\n\n<p>The malware&#8217;s execution requires specific parameters, including the <strong>C&amp;C server address<\/strong> and a numeric &#8220;password,&#8221; to function correctly. If incorrect parameters are supplied, the malware may crash or perform unintended actions, complicating analysis and detection efforts.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Implications of Iranian Hackers Attacks<\/strong><\/h2>\n\n\n\n<p>The discovery of <strong>WezRat malware<\/strong> highlights the escalating threat posed by <strong>Iranian hacker attacks<\/strong>. These State-sponsored campaigns target the critical infrastructures, sensitive data, and the premium intellectual property assets of an organization making the organization open to severe penetrations and operational intermissions.<\/p>\n\n\n\n<p>The fact that <strong>WezRat malware<\/strong> used in <strong>Iranian hacker attacks<\/strong> operates unnoticed, can steal information, and remains controlling the infected nodes after that proves that the authors of these attacks used rather complex tactics. <\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img fetchpriority=\"high\" decoding=\"async\" width=\"654\" height=\"372\" src=\"https:\/\/thetach.com\/wp-content\/uploads\/2024\/11\/WezRat-malware.jpg\" alt=\"Iranian hacker attacks WezRat malware \" class=\"wp-image-802\" srcset=\"https:\/\/thetach.com\/wp-content\/uploads\/2024\/11\/WezRat-malware.jpg 654w, https:\/\/thetach.com\/wp-content\/uploads\/2024\/11\/WezRat-malware-300x171.jpg 300w\" sizes=\"(max-width: 654px) 100vw, 654px\" \/><\/figure><\/div>\n\n\n<p>It is imperative for organizations to appreciate the great risks which are associated with these threats and to work hard to come up with some ways of minimizing the effects arising from the probable losses.<\/p>\n\n\n\n<p>These attacks also have consequences for nations, corporations, and the fundamental applicability of the internet.<strong> Iranian hacker attacks<\/strong> pose a continuing and complex threat that needs a collective and preventive approach from all the world\u2019s leaders in <strong>Cyberspace security<\/strong>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Strengthening Cybersecurity Measures<\/strong><\/h2>\n\n\n\n<p>To minimize the effects that the <strong>Iranian hackers<\/strong> would continue to cause to various organizations, the organizations have to incorporate the following measures. This entails using <strong>new-generation threat<\/strong> scanning programs, vulnerability assessment, and em-entry filtering to check on possible phishing attempts.<\/p>\n\n\n\n<p>Another is the recognition and reporting needs among the employees to accommodate the training of learning scantling and other suspicious activities. By frequently sending out test phishing emails and conducting introductory sessions, the effects of attack from <strong>Iran\u2019s hackers<\/strong> can be greatly minimized eliminating instances of hacking.<\/p>\n\n\n\n<p>Organizations should also have a proper software download policy that will see them only download applications from verified sources. Applying timely updates and patches is essential to close known vulnerabilities, particularly those exploited by malware like <strong>WezRat<\/strong>.<\/p>\n\n\n\n<p>Collaboration between international cybersecurity agencies and private organizations is vital. Sharing intelligence on <strong>Iranian hacker attacks<\/strong> and their methodologies can lead to more effective responses and improved resilience against future threats.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Conclusion<\/strong><\/h2>\n\n\n\n<p>The emergence of <strong>WezRat malware<\/strong> underscores the escalating sophistication of <strong>Iranian hacker attacks<\/strong>. Through the use of sophisticated technologies and the utilization of trickery, state-sponsored actors like Cotton Sandstorm remain overseas as an adversary for worldwide protection systems and as a problem for organizations.<\/p>\n\n\n\n<p>There is no room for complacency and organisations have to be equally and continually proactive in addressing these enduring threats. Purchasing more sophisticated attack detection and prevention systems, improving <strong>socially secure computing education<\/strong>, and integrating multination coordination measures are some steps toward eliminating the threats represented by such highly technical invasions.<\/p>\n\n\n\n<p>Such discovery of <strong>WezRat malware<\/strong> should remind us every day brings new and innovative threats from<strong> cyber criminals<\/strong>. Today\u2019s dangerous world demands an effective and flexible<strong> IT security <\/strong>solution to protect data and prevent<strong> Iranian hackers<\/strong> from blocking large businesses and affecting trust in digital environments.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>FAQs<\/strong><\/h2>\n\n\n\n<div class=\"schema-faq wp-block-yoast-faq-block\"><div class=\"schema-faq-section\" id=\"faq-question-1731858972948\"><strong class=\"schema-faq-question\"><strong>What is WezRat malware?<\/strong><\/strong> <p class=\"schema-faq-answer\">WezRat is a <strong>remote access trojan<\/strong> used in <strong>Iranian Hacker Attacks<\/strong> targeting sensitive systems.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1731858974012\"><strong class=\"schema-faq-question\"><strong>How does WezRat spread?<\/strong><\/strong> <p class=\"schema-faq-answer\">It spreads through phishing emails and <strong>trojanized Google Chrome installers<\/strong> downloaded by victims.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1731859071724\"><strong class=\"schema-faq-question\"><strong>Who is responsible for these attacks?<\/strong><\/strong> <p class=\"schema-faq-answer\">The attacks are attributed to <strong>Cotton Sandstorm<\/strong>, a group behind <strong>Iranian Hackers Attacks<\/strong>.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1731859084312\"><strong class=\"schema-faq-question\"><strong>What are the risks associated with WezRat malware?<\/strong><\/strong> <p class=\"schema-faq-answer\">WezRat enables <strong>data theft<\/strong>, operational disruption, and prolonged unauthorized control of systems.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1731859097608\"><strong class=\"schema-faq-question\"><strong>How can organizations defend against these threats?<\/strong><\/strong> <p class=\"schema-faq-answer\">Using email filters, conducting training, and applying timely patches can prevent <strong>Iranian hacker attacks<\/strong>.<\/p> <\/div> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>Specialists in cyber security identified a serious new threat in the sphere of hacker attacks carried out by Iran. These attacks employ WezRat malware: it is a remote access trojan as well as an information stealer. This advanced tool launched by Iranian state-sponsored hackers to perpetrate the network, steal confidential information, and perform destructive operations. &#8230; <a title=\"Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations\" class=\"read-more\" href=\"https:\/\/thetach.com\/?p=800\" aria-label=\"Read more about Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":801,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[290,288,289],"class_list":["post-800","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security","tag-cotton-sandstorm-group","tag-iranian-hacker-attacks","tag-wezrat-malware"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Iranian Hackers Attacks Targeting Israeli Organizations<\/title>\n<meta name=\"description\" content=\"Iranian Hackers Attacks utilize WezRat malware to steal sensitive data and execute remote commands, targeting critical organizations.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/thetach.com\/?p=800\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Iranian Hackers Attacks Targeting Israeli Organizations\" \/>\n<meta property=\"og:description\" content=\"Iranian Hackers Attacks utilize WezRat malware to steal sensitive data and execute remote commands, targeting critical organizations.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/thetach.com\/?p=800\" \/>\n<meta property=\"og:site_name\" content=\"The Tach\" \/>\n<meta property=\"article:published_time\" content=\"2024-11-17T16:03:56+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-11-17T16:04:01+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/thetach.com\/wp-content\/uploads\/2024\/11\/Iranian-Hackers-Attacks.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"653\" \/>\n\t<meta property=\"og:image:height\" content=\"366\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"burhan\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"burhan\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":[\"WebPage\",\"FAQPage\"],\"@id\":\"https:\/\/thetach.com\/?p=800\",\"url\":\"https:\/\/thetach.com\/?p=800\",\"name\":\"Iranian Hackers Attacks Targeting Israeli Organizations\",\"isPartOf\":{\"@id\":\"https:\/\/thetach.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/thetach.com\/?p=800#primaryimage\"},\"image\":{\"@id\":\"https:\/\/thetach.com\/?p=800#primaryimage\"},\"thumbnailUrl\":\"https:\/\/thetach.com\/wp-content\/uploads\/2024\/11\/Iranian-Hackers-Attacks.jpg\",\"datePublished\":\"2024-11-17T16:03:56+00:00\",\"dateModified\":\"2024-11-17T16:04:01+00:00\",\"author\":{\"@id\":\"https:\/\/thetach.com\/#\/schema\/person\/6d6cb82cade4630d79ecea8e44584e24\"},\"description\":\"Iranian Hackers Attacks utilize WezRat malware to steal sensitive data and execute remote commands, targeting critical organizations.\",\"breadcrumb\":{\"@id\":\"https:\/\/thetach.com\/?p=800#breadcrumb\"},\"mainEntity\":[{\"@id\":\"https:\/\/thetach.com\/?p=800#faq-question-1731858972948\"},{\"@id\":\"https:\/\/thetach.com\/?p=800#faq-question-1731858974012\"},{\"@id\":\"https:\/\/thetach.com\/?p=800#faq-question-1731859071724\"},{\"@id\":\"https:\/\/thetach.com\/?p=800#faq-question-1731859084312\"},{\"@id\":\"https:\/\/thetach.com\/?p=800#faq-question-1731859097608\"}],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/thetach.com\/?p=800\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/thetach.com\/?p=800#primaryimage\",\"url\":\"https:\/\/thetach.com\/wp-content\/uploads\/2024\/11\/Iranian-Hackers-Attacks.jpg\",\"contentUrl\":\"https:\/\/thetach.com\/wp-content\/uploads\/2024\/11\/Iranian-Hackers-Attacks.jpg\",\"width\":653,\"height\":366,\"caption\":\"Iranian Hackers Attacks\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/thetach.com\/?p=800#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/thetach.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/thetach.com\/#website\",\"url\":\"https:\/\/thetach.com\/\",\"name\":\"The Tach\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/thetach.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/thetach.com\/#\/schema\/person\/6d6cb82cade4630d79ecea8e44584e24\",\"name\":\"burhan\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/thetach.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/97ceb1b65cf3f734d7ae9f33b317bd9c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/97ceb1b65cf3f734d7ae9f33b317bd9c?s=96&d=mm&r=g\",\"caption\":\"burhan\"},\"sameAs\":[\"https:\/\/thetach.com\"],\"url\":\"https:\/\/thetach.com\/?author=1\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/thetach.com\/?p=800#faq-question-1731858972948\",\"position\":1,\"url\":\"https:\/\/thetach.com\/?p=800#faq-question-1731858972948\",\"name\":\"What is WezRat malware?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"WezRat is a <strong>remote access trojan<\/strong> used in <strong>Iranian Hacker Attacks<\/strong> targeting sensitive systems.\",\"inLanguage\":\"en-US\"},\"inLanguage\":\"en-US\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/thetach.com\/?p=800#faq-question-1731858974012\",\"position\":2,\"url\":\"https:\/\/thetach.com\/?p=800#faq-question-1731858974012\",\"name\":\"How does WezRat spread?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"It spreads through phishing emails and <strong>trojanized Google Chrome installers<\/strong> downloaded by victims.\",\"inLanguage\":\"en-US\"},\"inLanguage\":\"en-US\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/thetach.com\/?p=800#faq-question-1731859071724\",\"position\":3,\"url\":\"https:\/\/thetach.com\/?p=800#faq-question-1731859071724\",\"name\":\"Who is responsible for these attacks?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"The attacks are attributed to <strong>Cotton Sandstorm<\/strong>, a group behind <strong>Iranian Hackers Attacks<\/strong>.\",\"inLanguage\":\"en-US\"},\"inLanguage\":\"en-US\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/thetach.com\/?p=800#faq-question-1731859084312\",\"position\":4,\"url\":\"https:\/\/thetach.com\/?p=800#faq-question-1731859084312\",\"name\":\"What are the risks associated with WezRat malware?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"WezRat enables <strong>data theft<\/strong>, operational disruption, and prolonged unauthorized control of systems.\",\"inLanguage\":\"en-US\"},\"inLanguage\":\"en-US\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/thetach.com\/?p=800#faq-question-1731859097608\",\"position\":5,\"url\":\"https:\/\/thetach.com\/?p=800#faq-question-1731859097608\",\"name\":\"How can organizations defend against these threats?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Using email filters, conducting training, and applying timely patches can prevent <strong>Iranian hacker attacks<\/strong>.\",\"inLanguage\":\"en-US\"},\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Iranian Hackers Attacks Targeting Israeli Organizations","description":"Iranian Hackers Attacks utilize WezRat malware to steal sensitive data and execute remote commands, targeting critical organizations.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/thetach.com\/?p=800","og_locale":"en_US","og_type":"article","og_title":"Iranian Hackers Attacks Targeting Israeli Organizations","og_description":"Iranian Hackers Attacks utilize WezRat malware to steal sensitive data and execute remote commands, targeting critical organizations.","og_url":"https:\/\/thetach.com\/?p=800","og_site_name":"The Tach","article_published_time":"2024-11-17T16:03:56+00:00","article_modified_time":"2024-11-17T16:04:01+00:00","og_image":[{"width":653,"height":366,"url":"https:\/\/thetach.com\/wp-content\/uploads\/2024\/11\/Iranian-Hackers-Attacks.jpg","type":"image\/jpeg"}],"author":"burhan","twitter_card":"summary_large_image","twitter_misc":{"Written by":"burhan","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":["WebPage","FAQPage"],"@id":"https:\/\/thetach.com\/?p=800","url":"https:\/\/thetach.com\/?p=800","name":"Iranian Hackers Attacks Targeting Israeli Organizations","isPartOf":{"@id":"https:\/\/thetach.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/thetach.com\/?p=800#primaryimage"},"image":{"@id":"https:\/\/thetach.com\/?p=800#primaryimage"},"thumbnailUrl":"https:\/\/thetach.com\/wp-content\/uploads\/2024\/11\/Iranian-Hackers-Attacks.jpg","datePublished":"2024-11-17T16:03:56+00:00","dateModified":"2024-11-17T16:04:01+00:00","author":{"@id":"https:\/\/thetach.com\/#\/schema\/person\/6d6cb82cade4630d79ecea8e44584e24"},"description":"Iranian Hackers Attacks utilize WezRat malware to steal sensitive data and execute remote commands, targeting critical organizations.","breadcrumb":{"@id":"https:\/\/thetach.com\/?p=800#breadcrumb"},"mainEntity":[{"@id":"https:\/\/thetach.com\/?p=800#faq-question-1731858972948"},{"@id":"https:\/\/thetach.com\/?p=800#faq-question-1731858974012"},{"@id":"https:\/\/thetach.com\/?p=800#faq-question-1731859071724"},{"@id":"https:\/\/thetach.com\/?p=800#faq-question-1731859084312"},{"@id":"https:\/\/thetach.com\/?p=800#faq-question-1731859097608"}],"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/thetach.com\/?p=800"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/thetach.com\/?p=800#primaryimage","url":"https:\/\/thetach.com\/wp-content\/uploads\/2024\/11\/Iranian-Hackers-Attacks.jpg","contentUrl":"https:\/\/thetach.com\/wp-content\/uploads\/2024\/11\/Iranian-Hackers-Attacks.jpg","width":653,"height":366,"caption":"Iranian Hackers Attacks"},{"@type":"BreadcrumbList","@id":"https:\/\/thetach.com\/?p=800#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/thetach.com\/"},{"@type":"ListItem","position":2,"name":"Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations"}]},{"@type":"WebSite","@id":"https:\/\/thetach.com\/#website","url":"https:\/\/thetach.com\/","name":"The Tach","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/thetach.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/thetach.com\/#\/schema\/person\/6d6cb82cade4630d79ecea8e44584e24","name":"burhan","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/thetach.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/97ceb1b65cf3f734d7ae9f33b317bd9c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/97ceb1b65cf3f734d7ae9f33b317bd9c?s=96&d=mm&r=g","caption":"burhan"},"sameAs":["https:\/\/thetach.com"],"url":"https:\/\/thetach.com\/?author=1"},{"@type":"Question","@id":"https:\/\/thetach.com\/?p=800#faq-question-1731858972948","position":1,"url":"https:\/\/thetach.com\/?p=800#faq-question-1731858972948","name":"What is WezRat malware?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"WezRat is a <strong>remote access trojan<\/strong> used in <strong>Iranian Hacker Attacks<\/strong> targeting sensitive systems.","inLanguage":"en-US"},"inLanguage":"en-US"},{"@type":"Question","@id":"https:\/\/thetach.com\/?p=800#faq-question-1731858974012","position":2,"url":"https:\/\/thetach.com\/?p=800#faq-question-1731858974012","name":"How does WezRat spread?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"It spreads through phishing emails and <strong>trojanized Google Chrome installers<\/strong> downloaded by victims.","inLanguage":"en-US"},"inLanguage":"en-US"},{"@type":"Question","@id":"https:\/\/thetach.com\/?p=800#faq-question-1731859071724","position":3,"url":"https:\/\/thetach.com\/?p=800#faq-question-1731859071724","name":"Who is responsible for these attacks?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"The attacks are attributed to <strong>Cotton Sandstorm<\/strong>, a group behind <strong>Iranian Hackers Attacks<\/strong>.","inLanguage":"en-US"},"inLanguage":"en-US"},{"@type":"Question","@id":"https:\/\/thetach.com\/?p=800#faq-question-1731859084312","position":4,"url":"https:\/\/thetach.com\/?p=800#faq-question-1731859084312","name":"What are the risks associated with WezRat malware?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"WezRat enables <strong>data theft<\/strong>, operational disruption, and prolonged unauthorized control of systems.","inLanguage":"en-US"},"inLanguage":"en-US"},{"@type":"Question","@id":"https:\/\/thetach.com\/?p=800#faq-question-1731859097608","position":5,"url":"https:\/\/thetach.com\/?p=800#faq-question-1731859097608","name":"How can organizations defend against these threats?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Using email filters, conducting training, and applying timely patches can prevent <strong>Iranian hacker attacks<\/strong>.","inLanguage":"en-US"},"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/thetach.com\/index.php?rest_route=\/wp\/v2\/posts\/800","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thetach.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thetach.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thetach.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thetach.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=800"}],"version-history":[{"count":1,"href":"https:\/\/thetach.com\/index.php?rest_route=\/wp\/v2\/posts\/800\/revisions"}],"predecessor-version":[{"id":803,"href":"https:\/\/thetach.com\/index.php?rest_route=\/wp\/v2\/posts\/800\/revisions\/803"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thetach.com\/index.php?rest_route=\/wp\/v2\/media\/801"}],"wp:attachment":[{"href":"https:\/\/thetach.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=800"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thetach.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=800"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thetach.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=800"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}