Today: 17 March 2025
Subscribe
5 June 2022
1 min read

Microsoft disables hackers working with Iranian intelligence

Microsoft has detected and disabled a previously undocumented Lebanon-based activity group that is working with other actors affiliated with Iran’s Ministry of Intelligence and Security (MOIS) to attack organisations in Israel…reports Asian Lite News

Microsoft Threat Intelligence Center (MSTIC) named the group ‘Polonium’.

The tech giant suspended more than 20 malicious OneDrive applications created by Polonium actors, notified affected organisations, and deployed a series of security intelligence updates that will quarantine tools developed by Polonium operators.

“Our goal is to help deter future activity by exposing and sharing the Polonium tactics with the community at large,” the company said in a statement.

The group is linked with Iranian government and such collaboration or direction from Tehran would align with a string of revelations since late 2020 that the “Government of Iran is using third parties to carry out cyber operations on their behalf, likely to enhance Iran’s plausible deniability”.

Polonium has targeted or compromised more than 20 organisations based in Israel and one intergovernmental organisation with operations in Lebanon over the past three months.

“This actor has deployed unique tools that abuse legitimate cloud services for command and control (C2) across most of their victims. Polonium was observed creating and using legitimate OneDrive accounts, then utilising those accounts as C2 to execute part of their attack operation,” explained Microsoft.

This activity does not represent any security issues or vulnerabilities on the OneDrive platform.

ALSO READ: Microsoft on a mission to find best windows apps

“As with any observed nation-state actor activity, Microsoft directly notifies customers that have been targeted or compromised, providing them with the information they need to secure their accounts,” said the company.

Since February, Polonium has been observed primarily targeting organisations in Israel with a focus on critical manufacturing, IT, and Israel’s defense industry.

In at least one case, Polonium’s compromise of an IT company was used to target a downstream aviation company and law firm in a supply chain attack that relied on service provider credentials to gain access to the targeted networks, according to the researchers.

Tags:

Related Posts

Previous Story

Iran welcomes UN-backed truce renewal in Yemen

Next Story

UAE President visits Rulers of the Emirates

Latest from Arab News

Palestinians Seek Help to End Israeli Siege 

The Palestinian Ministry of National Economy: “We remind the entire world that Israel is refusing to allow the entry of basic health and humanitarian needs, especially water, electricity, and food, to the

UAE Celebrates Emirati Children’s Day

The United Arab Emirates is celebrating Emirati Children’s Day today, reaffirming its dedication to nurturing a safe and supportive environment for the nation’s children. This annual occasion highlights the UAE’s commitment to

US pullback on Gaza plan welcomed 

The Hamas movement also responded positively, stating that the reversal was a welcome move….reports Asian Lite News Palestinian, Jordanian, and Egyptian officials have welcomed US President Donald Trump’s decision to abandon his

Can AI Transform the Future of India-GCC Ties? 

One area where AI can significantly enhance India-GCC cooperation is in the field of supply chain management and logistics. …writes Sudhanshu Kumar and Rashi Randev  Recently, a few months back, the External

Syrian leader signs constitutional declaration 

The declaration enshrines several fundamental rights, including freedom of opinion, expression, the press, and access to information.  Syrian President Ahmad al-Sharaa signed the draft Constitutional Declaration on Thursday, marking a significant step
Go toTop

Don't Miss

Iran nuclear talks end as EU submits ‘final text’

The parties have been seeking to resolve differences over the

European statement on nuclear talks ‘unconstructive’: Iran

The spokesman also cautioned the European countries against resorting to