Microsoft Catches Iran Hackers
By Micah Halpern
Microsoft announced that it detected and took down an Iran-linked Lebanese hacking group that had targeted more than 20 Israeli organizations and one intergovernmental organization over the past three months.
The group, known as Polonium and tracked by Microsoft's Threat Intelligence Center (MSTIC), abused OneDrive cloud storage for command and control (C2) as it attacked Israel.
Up until now Polonium had gone undetected.
Microsoft indicated that MSTIC assessed with high confidence that POLONIUM is Lebanon-based, and also indicated that it could rule with "moderate confidence" that the observed activity was coordinated with Iran's intelligence and security ministry.
The Microsoft statement reads: "MSTIC assesses with moderate confidence that the observed activity was coordinated with other actors affiliated with Iran's intelligence and security ministry."
Polonium created and used legitimate OneDrive accounts, then used those accounts as part of their attack operation.
In response to this hack, Microsoft suspended more than 20 malicious OneDrive applications created by Polonium and told the targeted organizations of the attacks.
According to Microsoft, Polonium primarily targeted Israeli organizations which specialize in critical manufacturing and IT, along with major organizations in Israel's defense industry.
Microsoft has, in the recent past, identified and disabled several Iranian-linked attacks on Israeli companies.