Lebanon-based hackers linked to Iran’s government targeted Israeli groups: Microsoft
According to a statement from Microsoft, the group named POLONIUM was working in coordination with Iran’s Ministry of Intelligence and Security “based primarily on victim overlap and commonality of tools and techniques.”
Microsoft has announced that it detected and disabled cyberattacks over the last three months from a group based in Lebanon with ties to the Iranian government that targeted over 20 organizations inside Israel and one intergovernmental organization in Lebanon.
According to a statement released on Thursday, the group named POLONIUM was working in coordination with Iran’s Ministry of Intelligence and Security “based primarily on victim overlap and commonality of tools and techniques.”
Microsoft has suspended more than 20 OneDrive applications created by the POLONIUM group.
“Our goal with this blog is to help deter future activity by exposing and sharing the POLONIUM tactics with the community at large,” Microsoft’s blog post read.
The ties between Tehran and the hackers align “with a string of revelations since late 2020 that the Government of Iran is using third parties to carry out cyber operations on their behalf, likely to enhance Iran’s plausible deniability.”
Earlier this week, FBI Director Christopher Wray revealed that the US foiled a cyberattack by the Iranian government against a children’s hospital in Boston, Massachusetts. The FBI head said it was “one of the most despicable cyberattacks I have ever seen.”
Detailing the attempts to target Israeli and Lebanese groups, Microsoft said POLONIUM had been focusing on critical manufacturing, IT, and Israel’s defense industry since February of this year.
Microsoft also said that an IT company was used to target a downstream aviation company and a law firm in one incident.
“Multiple manufacturing companies they targeted also serve Israel’s defense industry, indicating a POLONIUM tactic that follows an increasing trend by many actors, including among several Iranian groups, of targeting service provider access to gain downstream access,” Microsoft revealed. “This blog will also expose further details that show Iranian threat actors may be collaborating with proxies to operationalize their attacks.”