December 1, 2023

Microsoft has suspended over 20 OneDrive accounts abusing the service for cyber attacks on Israeli companies across numerous industries across defense and financial services

Microsoft wrote that the organization behind the attacks, which it dubbed Polonium, is based in Lebanon, and said they had moderate confidence that it was collaborating with Iran’s Ministry of Intelligence and Security

The company said Polonium has targeted organizations previously targeted by Mercury, an identified subordinate element within Iran Ministry and has used similar tactics to those of Iranian cyber groups Lyceum and CopyKittens.

Advertisements

These factors point to possible hand-off operations, whereby MOIS provides Polonium with access to previously compromised victim environments in order to execute new activity.

Microsoft has not linked any of Polonium’s attacks to those of other groups based in Lebanon, including Volatile Cedar, a cyber espionage group.

In the past decade, Iran has conducted countless cyber attacks across the globe, affecting the US, Europe and Israel.

Tags:

Leave a Reply

You may have missed

TheCyberThrone Security Week In Review – November 25, 2023

November 30, 2023

BlueVoyant Acquires Conquest Cyber

November 30, 2023

Google Fixes Sixth Chrome ZeroDay of 2023

November 29, 2023

Ardent Health Services affected by a cyber incident

November 29, 2023

GE and DARPA – Claimed Hack raises concerns

November 28, 2023

POC released for Splunk Enterprise Vulnerability- CVE-2023-46214

November 28, 2023
%d bloggers like this: