June 5, 2022

Microsoft disables hackers working with Iranian intelligence

Microsoft has detected and disabled a previously undocumented Lebanon-based activity group that is working with other actors affiliated with Iran’s Ministry of Intelligence and Security (MOIS) to attack organisations in Israel, reports Asian Lite News.

Microsoft Threat Intelligence Center (MSTIC) named the group ‘Polonium’.

The tech giant suspended more than 20 malicious OneDrive applications created by Polonium actors, notified affected organisations, and deployed a series of security intelligence updates that will quarantine tools developed by Polonium operators.

“Our goal is to help deter future activity by exposing and sharing the Polonium tactics with the community at large,” the company said in a statement.

The group is linked with the Iranian government, and such collaboration or direction from Tehran would align with a string of revelations since late 2020 that the “Government of Iran is using third parties to carry out cyber operations on their behalf, likely to enhance Iran’s plausible deniability”.

Polonium has targeted or compromised more than 20 organisations based in Israel and one intergovernmental organisation with operations in Lebanon over the past three months.

“This actor has deployed unique tools that abuse legitimate cloud services for command and control (C2) across most of their victims. Polonium was observed creating and using legitimate OneDrive accounts, then utilising those accounts as C2 to execute part of their attack operation,” explained Microsoft.

This activity does not represent any security issues or vulnerabilities on the OneDrive platform.

“As with any observed nation-state actor activity, Microsoft directly notifies customers that have been targeted or compromised, providing them with the information they need to secure their accounts,” said the company.

Since February, Polonium has been observed primarily targeting organisations in Israel with a focus on critical manufacturing, IT, and Israel’s defense industry.

In at least one case, Polonium’s compromise of an IT company was used to target a downstream aviation company and law firm in a supply chain attack that relied on service provider credentials to gain access to the targeted networks, according to the researchers.
