Microsoft also says it suspended more than 20 malicious OneDrive applications created by the threat actor, notified all affected organizations, and deployed a series of security intelligence updates that quarantine the tools developed by the Iranian-linked hackers.
MSTIC is still uncertain how the attackers gained initial access to their victims’ networks, but it notes that at least 80% of the compromised organizations were running Fortinet appliances. This “suggests but does not definitively prove” that POLONIUM compromised those Fortinet appliances through a three-year-old vulnerability tracked as CVE-2018-13379.
The report includes a list of recommended customer actions; organizations that believe they are affected by POLONIUM activity should review and adopt those security considerations.