Microsoft announced on Thursday that it was able to detect and stop an attack through its file-sharing service, OneDrive, by a group of Lebanese hackers identified as "Polonium" apparently operating from Tehran.
According to Microsoft, which published the case on its blog site, the group of hackers does operate in Lebanon, but "in moderation" it can be estimated that it operates in coordination with other "Iranian Ministry of Intelligence" (MOIS) agents in light of the methods used and the similarity of victims of other cases.
"Such cooperation or directive on the part of Tehran has been the subject of a series of revelations since the end of 2020 regarding the Iranian government's use of external elements to carry out cyber attacks on its behalf, so that it will probably have the ability to deny it," it said.
The attack that was stopped was against "more than 20 organizations based in Israel and one intergovernmental organization that has been operating in Lebanon for more than three months."
It was further stated that POLONIUM's attack does not indicate security failures in OneDrive, but noted that starting in February 2022, this group of hackers began working with Israeli organizations "with an emphasis on critical industries, information systems, and security industries."
It was further stated that "a number of companies that were attacked serve the Israeli defense industries" and that the victims also included companies in the field of food, finance and health.
Were we wrong?
Fixed!
If you found an error in the article, we'll be happy for you to share it with us