Thursday, June 30, 2022

Home Cyber Security Microsoft disables Lebanon-based hacker group

Microsoft disables Lebanon-based hacker group

Microsoft Threat Intelligence Center (MSTIC) named the group ‘Polonium’

Microsoft has detected and disabled a previously undocumented Lebanon-based activity group that is working with other actors affiliated with Iran’s Ministry of Intelligence and Security (MOIS) to attack organisations in Israel.

Microsoft Threat Intelligence Center (MSTIC) named the group ‘Polonium’.

More than 20 malicious OneDrive applications created by Polonium actors were suspended by the tech giant, affected organisations were notified, and a series of security intelligence updates were deployed that will quarantine tools developed by Polonium operators.

“Our goal is to help deter future activity by exposing and sharing the Polonium tactics with the community at large,” the company said in a statement.

The group is linked with Iranian government and such collaboration or direction from Tehran would align with a string of revelations since late 2020 that the “Government of Iran is using third parties to carry out cyber operations on their behalf, likely to enhance Iran’s plausible deniability.”

Over the past three months, more than 20 organisations based in Israel and one intergovernmental organisation with operations have been targeted or compromised by Polonium.

“This actor has deployed unique tools that abuse legitimate cloud services for command and control (C2) across most of their victims. Polonium was observed creating and using legitimate OneDrive accounts, then utilising those accounts as C2 to execute part of their attack operation,” explained Microsoft.

This activity does not represent any security issues or vulnerabilities on the OneDrive platform.

“As with any observed nation-state actor activity, Microsoft directly notifies customers that have been targeted or compromised, providing them with the information they need to secure their accounts,” said the company.

With a focus on critical manufacturing, IT, and Israel’s defense industry, Polonium, since February, has been observed primarily targeting organisations in Israel.

In at least one case, Polonium’s compromise of an IT company was used to target a downstream aviation company and law firm in a supply chain attack that relied on service provider credentials to gain access to the targeted networks, according to the researchers.

Also readCIO News interviews Shri Wangki Lowang, Minister (IT) of Arunachal Pradesh

Do FollowCIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter

About us:

CIO News, a proprietary of Mercadeo, produces award-winning content and resources for IT leaders across any industry through print articles and recorded video interviews on topics in the technology sector such as Digital Transformation, Artificial Intelligence (AI), Machine Learning (ML), Cloud, Robotics, Cyber-security, Data, Analytics, SOC, SASE, among other technology topics

khushbu Soni CIO News Mercadeo
Khushbu Soni
Chief Editor - CIO News | Founder & CEO - Mercadeo


Please enter your comment!
Please enter your name here

- Advertisment -1x1 banner1x1 banner1x1 banner1x1 banner

Most Popular

GBM conducts artificial intelligence event, UAE organisations to increase spending

The artificial intelligence event delved into how organisations can get started on their AI journeys For an exclusive artificial intelligence event, GBM has brought together...

Clean technology: LG to invest $1.5bn

The push in the clean technology sector will help LG make "a shift toward more high-value industries" LG Corp, South Korea's fourth-largest conglomerate, said on...

AI technology firm Nala Robotics to supply Slice Factory with its autonomous chef

Under the terms of the agreement, to help fuel national expansion efforts the AI technology company will custom design and install Pizzaiola at Slice Factory's...

There shouldn’t be a separation between business and technology, says Deepak Garg, Co-Founder and Chief Technology Officer (CTO) at Dista

The real value a technologist can bring is alignment of technology with actual business needs When asked how he planned his career path to be...

Recent Comments