City
Epaper

Microsoft disables hackers working with Iranian intelligence

By IANS | Updated: June 4, 2022 11:25 IST

San Francisco, June 4 Microsoft has detected and disabled a previously undocumented Lebanon-based activity group that is working ...

Open in App

San Francisco, June 4 Microsoft has detected and disabled a previously undocumented Lebanon-based activity group that is working with other actors affiliated with Iran's Ministry of Intelligence and Security (MOIS) to attack organisations in Israel.

Microsoft Threat Intelligence Center (MSTIC) named the group 'Polonium'.

The tech giant suspended more than 20 malicious OneDrive applications created by Polonium actors, notified affected organisations, and deployed a series of security intelligence updates that will quarantine tools developed by Polonium operators.

"Our goal is to help deter future activity by exposing and sharing the Polonium tactics with the community at large," the company said in a statement.

The group is linked with Iranian government and such collaboration or direction from Tehran would align with a string of revelations since late 2020 that the "Government of Iran is using third parties to carry out cyber operations on their behalf, likely to enhance Iran's plausible deniability".

Polonium has targeted or compromised more than 20 organisations based in Israel and one intergovernmental organisation with operations in Lebanon over the past three months.

"This actor has deployed unique tools that abuse legitimate cloud services for command and control (C2) across most of their victims. Polonium was observed creating and using legitimate OneDrive accounts, then utilising those accounts as C2 to execute part of their attack operation," explained Microsoft.

This activity does not represent any security issues or vulnerabilities on the OneDrive platform.

"As with any observed nation-state actor activity, Microsoft directly notifies customers that have been targeted or compromised, providing them with the information they need to secure their accounts," said the company.

Since February, Polonium has been observed primarily targeting organisations in Israel with a focus on critical manufacturing, IT, and Israel's defense industry.

In at least one case, Polonium's compromise of an IT company was used to target a downstream aviation company and law firm in a supply chain attack that relied on service provider credentials to gain access to the targeted networks, according to the researchers.

Disclaimer: This post has been auto-published from an agency feed without any modifications to the text and has not been reviewed by an editor

Tags: Ministry of IntelligenceiranmicrosoftSan FranciscoSan francisco bayJose d'saIrShah mohammad aryanPersi`islamic republicIslamic republic of iran
Open in App

Related Stories

InternationalIran Terrorist Attack Video: At Least 8 Killed, 13 Injured in Zahedan Firing; Pakistani Group Claims Responsibility

PunePune: Poster of Iran’s Supreme Leader Ayatollah Ali Khamenei Seen in Loni Station Area (Watch Video)

InternationalIrani Boy Goes in Coma After Man Brutally Slammed Him on Floor at Moscow Airport; CCTV Footage Shocks Internet

MumbaiMumbai: Young Men Lured with Fake Jobs in Dubai, Trafficked to Iran and Forced into Labour; Amboli Police Register FIR

InternationalIsrael-Iran Ceasefire: Dangerous Leaving Wounded Lion, Says Israeli Opposition Leader Avigdor Lieberman

Technology Realted Stories

TechnologyStates asked to undertake regular screening to tackle rising fatty liver disease: Nadda

TechnologyAgra-born man to fly on Blue Origin’s next flight to edge of space

TechnologyWhat is ISRO’s 10-day HOPE analogue mission in Ladakh

TechnologyNFDC launches free residential VFX, animation training for Northeast youth

TechnologyKharif sowing up 4 pc, agriculture gross value added may rise 4.5 pc: Report