Date: 2024-11-18

Iranian state-backed hacking operation Cotton Sandstorm, also known as Emennet Pasargad and Aria Sepehr Ayandehsazan, has deployed the new WezRat information stealer and remote access trojan in attacks against numerous organizations across Israel, reports The Hacker News.

Cotton Sandstorm has used malicious emails spoofing Israel's National Cyber Directorate to lure targeted entities into downloading a purported Google Chrome security update. The download facilitates the delivery of WezRat, which enables file downloading, screenshot capturing, keystroke logging, clipboard content extraction, and Chromium browser cookie compromise, an analysis from Check Point revealed.

Researchers also noted that the increasingly complex infrastructure of WezRat, which was initially only a RAT, suggests that the operation is a collaboration between different threat actors. "The ongoing development and refinement of WezRat indicates a dedicated investment in maintaining a versatile and evasive tool for cyber espionage. Emennet Pasargad's activities target various entities across the United States, Europe, and the Middle East, posing a threat not only to direct political adversaries but also to any group or individual with influence over Iran's international or domestic narrative," said the report.