On Thursday, the Microsoft Threat Intelligence Center (MSTIC) issued a report in which it claims to have proactively “identified and disabled” a Lebanon-based hacking group known as POLONIUM, believed to be working with Iranian intelligence.
The group targeted or compromised more than 20 Israeli organizations and one intergovernmental organization with operations in Lebanon. The activity took place over the last 3 months and appeared to focus on IT, critical manufacturing, and Israel’s defense industry.
Microsoft also posted details of a cloud services provider that “was used to target a downstream aviation company and law firm in a supply chain attack.”
POLONIUM shares targets with MuddyWater APT
POLONIUM operators also targeted multiple victims compromised by MuddyWater (aka SeedWorm/Temp.Zagros), a high-profile Advanced Persistent Threat (APT) actor sponsored by Iran.
The MuddyWater APT group was tracked by Microsoft as “Mercury”, which U.S. Cyber Command earlier this year linked to Iranian intelligence.