May 28, 2023

Microsoft has suspended over 20 OneDrive accounts abusing the service for cyber attacks on Israeli companies across numerous industries across defense and financial services

Microsoft wrote that the organization behind the attacks, which it dubbed Polonium, is based in Lebanon, and said they had moderate confidence that it was collaborating with Iran’s Ministry of Intelligence and Security

The company said Polonium has targeted organizations previously targeted by Mercury, an identified subordinate element within Iran Ministry and has used similar tactics to those of Iranian cyber groups Lyceum and CopyKittens.

Advertisements

These factors point to possible hand-off operations, whereby MOIS provides Polonium with access to previously compromised victim environments in order to execute new activity.

Microsoft has not linked any of Polonium’s attacks to those of other groups based in Lebanon, including Volatile Cedar, a cyber espionage group.

In the past decade, Iran has conducted countless cyber attacks across the globe, affecting the US, Europe and Israel.

Tags:

Leave a Reply

You may have missed

Zyxel Patches Critical Buffer Overflow Vulnerability

Zyxel Patches Critical Buffer Overflow Vulnerability

May 27, 2023
Apria Data Breach affects 2 million customers

Apria Data Breach affects 2 million customers

May 27, 2023
CosmicEnergy Malware Shutting Electric grid

CosmicEnergy Malware Shutting Electric grid

May 27, 2023
Operation Magalenha from Brazil

Operation Magalenha from Brazil

May 27, 2023
Buhti Ransomware Dissection

Buhti Ransomware Dissection

May 26, 2023
Volt Typhoon – Chinese Threat Actor Targetting US Infra

Volt Typhoon – Chinese Threat Actor Targetting US Infra

May 25, 2023
%d bloggers like this: