Iran Caught Using Intermediaries To Hack Israeli Business

Microsoft has disabled attack activity on over 20 OneDrive accounts that abused the file hosting service to carry out cyber attacks on Israeli companies across numerous industries, including defense and financial services.

Now, Microsoft has disclosed the organisation behind the attacks, which it has named “Polonium.” The group is based in Lebanon and is most likely working in collaboration with Iran’s Ministry of Intelligence and Security (MOIS). “Such collaboration or direction from Tehran would align with a string of revelations since late 2020 that the government of Iran is using third parties to carry out cyber operations on their behalf, likely to enhance Iran’s plausible deniability,” Microsoft said.

Polonium has targeted organisations previously targeted by Mercury, an identified “subordinate element” within MOIS, and has used similar tactics to those of Iranian cyber groups “Lyceum” and “CopyKittens.” Microsoft suggested that these factors point to possible “hand-off” operations, whereby MOIS provides Polonium with access to previously compromised victim environments in order to execute new activity.

“Multiple manufacturing companies they targeted also serve Israel’s defense industry, indicating a Polonium tactic that follows an increasing trend by many actors, including among several Iranian groups, of targeting service provider access to gain downstream access,” Microsoft said in a statement.

Iran has conducted many cyber attacks around the world, affecting the US, Europe and Israel. The targets have included those in the manufacturing, IT, transportation, defense, government, agriculture, financial, and healthcare sectors.

Microsoft has previously beaten off several Iranian-linked cyber attacks on Israeli organisations, including in October 2021 when it announced hackers from Iran got into US and Israeli defense technology companies. In one incident, an IT company was used to target a downstream aviation company. 

Israel's National Cyber Directorate has recently launched a joint venture with the Communications Ministry to strengthen national cyber security. These reforms require firms to purchase cutting-edge cyber security technology to identify, contain and recover from potential cyber attacks, as well as to create internal measures to demonstrate the cyber security efforts they make.

Sources: Microsoft, Times of Israel, Al Arabiya, i24, Hacker News, National Cybersecurity News, The Record
