‘Iran is using third parties to carry out cyber operations on their behalf, likely to enhance deniability’
Microsoft blocked over 20 OneDrive accounts being used by an Iran-linked Lebanese hacking group to target Israeli defense and financial companies as well as an intergovernmental organization, the tech giant announced Thursday.
Company officials said they were confident that the organization behind the attacks – which they named “Polonium” – is based north of Israel in Lebanon, and suggested that it was working with Iran’s Intelligence and Security Ministry (MOIS), The Times of Israel (ToI) reported.
“Such collaboration or direction from Tehran would align with a string of revelations since late 2020 that the government of Iran is using third parties to carry out cyber operations on their behalf, likely to enhance Iran’s plausible deniability,” Microsoft said.
Microsoft said Polonium went after companies that were previously targeted by Mercury, a “subordinate element” of MOIS, and used tactics similar to those of Iranian groups “Lyceum” and “CopyKittens.”
According to the company, Polonium focused on Israeli organizations that specialize in critical manufacturing and IT, along with major firms in Israel’s defense industry, The Jerusalem Post reported.
Microsoft indicated that MOIS possibly “handed-off” access to previously compromised victims for new cyberattacks, and did not link any of Polonium’s attacks to other groups based in Lebanon, according to ToI.
The tech conglomerate has thwarted several Iran-linked cyberattacks on Israeli organizations in the recent past, including in October 2021, when it announced that hackers from Iran had successfully infiltrated US and Israeli defense technology companies.