June 2, 2022 4:41 pm

Tehran-Linked Hackers in Lebanon Exposed After Targeting Israeli Defense, IT Companies

by Sharon Wrobel

An Iranian flag is pictured near a missile during a military drill, with the participation of Iran’s Air Defense units, Iran October 19, 2020. Photo: WANA (West Asia News Agency) via REUTERS/Files

Microsoft Corp. revealed on Thursday that it detected and took down infrastructure from the Polonium network, which the company described as a Lebanon-based hacking group that has targeted more than 20 Israeli organizations.

The tech giant said that the group likely “coordinated with other actors affiliated with Iran’s Intelligence and Security Ministry (MOIS).”

“Such collaboration or direction from Tehran would align with a string of revelations since late 2020 that the Government of Iran is using third parties to carry out cyber operations on their behalf, likely to enhance Iran’s plausible deniability,” Microsoft said in a blog post exposing Polonium’s infrastructure and tactics.

The company said Polonium actors abused its OneDrive cloud service platform in the Iran-linked cyberattacks, using it for data exfiltration and command and control. According to Microsoft intelligence experts, Polonium’s infrastructure has over the past three months targeted or compromised more than 20 Israel-based organizations, mainly in the areas of defense and critical manufacturing, as well as an intergovernmental organization with operations in Lebanon.

After the detection, the company said it suspended more than 20 malicious OneDrive applications created by Polonium actors, notified the affected organizations, and issued a series of security intelligence updates.

Since February 2022, Polonium operators have targeted Israel-based companies and organizations involved in critical manufacturing, IT, the defense industry, transportation systems, government agencies and services, financial services, healthcare and public health, the report said.

In at least one case, Polonium hackers compromised an IT company in Israel and used that access to target an aviation company and a law firm, both of which relied on the service provider’s credentials for access to their networks and customers.

“Multiple manufacturing companies they targeted also serve Israel’s defense industry, indicating a Polonium tactic that follows an increasing trend by many actors, including among several Iranian groups, of targeting service provider access to gain downstream access,” Microsoft disclosed. “The tactic of leveraging IT products and service providers to gain access to downstream customers remains a favorite of Iranian actors and their proxies.”

The exposure of the hacking group also sheds light on how Iranian threat actors use proxies to operationalize their cyberattacks, the company said. Analysis of Polonium’s cyber operations showed that they were targeting multiple organizations that were previously compromised by MuddyWater, a group of hackers linked to Iran’s Intelligence and Security Ministry (MOIS).

The disclosure came a day after FBI Director Christopher Wray described Iranian government efforts to hack the Boston Children’s Hospital last year, in an attack that could have disrupted patient care.

Speaking at a conference hosted at Boston College on Wednesday, Wray called the incident “one of the most despicable cyberattacks I have ever seen,” and said it was emblematic of the threat posed by Tehran to critical infrastructure in the US.
