Microsoft has suspended over 20 OneDrive accounts abusing the service for cyber attacks on Israeli companies across numerous industries across defense and financial services
Microsoft wrote that the organization behind the attacks, which it dubbed Polonium, is based in Lebanon, and said they had moderate confidence that it was collaborating with Iran’s Ministry of Intelligence and Security
The company said Polonium has targeted organizations previously targeted by Mercury, an identified subordinate element within Iran Ministry and has used similar tactics to those of Iranian cyber groups Lyceum and CopyKittens.
These factors point to possible hand-off operations, whereby MOIS provides Polonium with access to previously compromised victim environments in order to execute new activity.
Microsoft has not linked any of Polonium’s attacks to those of other groups based in Lebanon, including Volatile Cedar, a cyber espionage group.
In the past decade, Iran has conducted countless cyber attacks across the globe, affecting the US, Europe and Israel.