Cybersecurity: Microsoft disrupts POLONIUM group hackers targeting Israel 


The hackers, known as POLONIUM, were previously unknown threat actors.

They first created legitimate Microsoft OneDrive accounts and then used those accounts as command and control (C2) infrastructure to carry out part of their attack operation.

According to the report, “POLONIUM has been observed deploying a series of custom implants that utilize cloud services for command and control as well as data exfiltration. MSTIC has observed implants connecting to POLONIUM-owned accounts in OneDrive and Dropbox.” 

The threat actor did not exploit any security issues or vulnerabilities within OneDrive.

Because the implants described above talk to legitimately registered cloud-storage accounts rather than exploiting OneDrive itself, there is nothing to patch; defenders are left looking for abnormal use of otherwise-trusted services. The following is an added example, not code from the Microsoft report, of a simple hunt over constructed endpoint network events: it flags processes outside an assumed allow-list that contact OneDrive/Dropbox endpoints, and flags any host/process pair whose outbound volume to those endpoints exceeds a threshold. The hostnames, allow-list, threshold and log format are all assumptions for illustration.

```python
"""Hunt for unexpected processes using cloud storage as C2 or for exfiltration.

Added example. The record format 'host|process|dest_host|bytes_out' is a
constructed, simplified endpoint network-event schema, not any vendor's.
"""
from collections import defaultdict

# Assumed set of OneDrive/Dropbox endpoints worth watching.
CLOUD_STORAGE_HOSTS = {
    "api.onedrive.com", "onedrive.live.com",
    "api.dropboxapi.com", "content.dropboxapi.com",
}
# Assumed allow-list: processes expected to talk to these services.
EXPECTED_PROCESSES = {"onedrive.exe", "dropbox.exe", "msedge.exe",
                      "chrome.exe", "firefox.exe", "outlook.exe"}
# Assumed per host/process outbound threshold suggesting bulk exfiltration.
EXFIL_BYTES_THRESHOLD = 50 * 1024 * 1024  # 50 MiB


def parse_event(line):
    """Parse one constructed 'host|process|dest_host|bytes_out' record."""
    host, process, dest, bytes_out = line.strip().split("|")
    return {"host": host, "process": process.lower(),
            "dest": dest.lower(), "bytes_out": int(bytes_out)}


def find_suspicious(lines):
    """Return findings as tuples: ('unexpected_process', host, proc, dest)
    or ('high_outbound', host, proc, total_bytes)."""
    findings = []
    volume = defaultdict(int)  # (host, process) -> bytes sent to cloud storage
    for line in lines:
        ev = parse_event(line)
        if ev["dest"] not in CLOUD_STORAGE_HOSTS:
            continue  # traffic to anything else is out of scope here
        volume[(ev["host"], ev["process"])] += ev["bytes_out"]
        if ev["process"] not in EXPECTED_PROCESSES:
            findings.append(("unexpected_process", ev["host"],
                             ev["process"], ev["dest"]))
    for (host, proc), total in volume.items():
        if total >= EXFIL_BYTES_THRESHOLD:
            findings.append(("high_outbound", host, proc, total))
    return findings


# Constructed sample events, not real telemetry. 'helper.exe' is a
# hypothetical implant name used only to exercise the hunt logic.
SAMPLE_EVENTS = [
    "ws01|OneDrive.exe|api.onedrive.com|20480",
    "ws01|chrome.exe|onedrive.live.com|1024",
    "ws02|helper.exe|api.dropboxapi.com|2048",
    "ws02|helper.exe|content.dropboxapi.com|62914560",  # ~60 MiB outbound
    "ws03|dropbox.exe|content.dropboxapi.com|10485760",
    "ws03|excel.exe|example.com|512",
]

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_EVENTS):
        print(finding)
```

Real sync clients and browsers routinely generate large uploads, so the allow-list and threshold are only a starting point for triage; the value is in surfacing an unfamiliar binary talking to a personal cloud account.
<test>
results = find_suspicious(SAMPLE_EVENTS)
assert len(results) == 3
assert ("unexpected_process", "ws02", "helper.exe", "api.dropboxapi.com") in results
assert ("unexpected_process", "ws02", "helper.exe", "content.dropboxapi.com") in results
assert ("high_outbound", "ws02", "helper.exe", 62916608) in results
assert not any(r[1] in ("ws01", "ws03") for r in results)
assert parse_event("h|P.EXE|API.ONEDRIVE.COM|7")["process"] == "p.exe"
</test>

MSTIC determined with high confidence that the hacker group is based in Lebanon, and says it is “moderately” confident that POLONIUM was collaborating with Iran’s Ministry of Intelligence and Security (MOIS).

“The uniqueness of the victim organizations suggests a convergence of mission requirements with MOIS,” according to the Microsoft report. “It may also be evidence of a ‘hand-off’ operational model where MOIS provides Polonium with access to previously compromised victim environments to execute new activity.”