Iran Caught Using Intermediaries To Hack Israeli Business
Microsoft has disabled attack activity on over 20 OneDrive accounts that abused the file hosting service to carry out cyber attacks on Israeli companies across numerous industries, including defense and financial services.
Microsoft has now disclosed the organisation behind the attacks, which it has named “Polonium.” The group is based in Lebanon and is most likely working in collaboration with Iran’s Ministry of Intelligence and Security (MOIS). “Such collaboration or direction from Tehran would align with a string of revelations since late 2020 that the government of Iran is using third parties to carry out cyber operations on their behalf, likely to enhance Iran’s plausible deniability,” Microsoft said.
Polonium has targeted organisations previously targeted by Mercury, an identified “subordinate element” within MOIS, and has used similar tactics to those of Iranian cyber groups “Lyceum” and “CopyKittens.” Microsoft suggested that these factors point to possible “hand-off” operations, whereby MOIS provides Polonium with access to previously compromised victim environments in order to execute new activity.
“Multiple manufacturing companies they targeted also serve Israel’s defense industry, indicating a Polonium tactic that follows an increasing trend by many actors, including among several Iranian groups, of targeting service provider access to gain downstream access,” Microsoft said in a statement.
Iran has conducted many cyber attacks around the world, affecting the US, Europe and Israel. The targets have included those in the manufacturing, IT, transportation, defense, government, agriculture, financial, and healthcare sectors.
Microsoft has previously beaten off several Iranian-linked cyber attacks on Israeli organisations, including in October 2021 when it announced hackers from Iran got into US and Israeli defense technology companies. In one incident, an IT company was used to target a downstream aviation company.
Israel's National Cyber Directorate has recently launched a joint venture with the Communications Ministry to strengthen national cyber security. These reforms require firms to purchase cutting-edge cyber security technology to identify, contain and recover from potential cyber attacks, as well as to create internal measures that demonstrate the cyber security efforts they take.
Sources: Microsoft, Times of Israel, Al Arabiya, i24, Hacker News, National Cybersecurity News, The Record