Lebanon-based hackers linked to the Iranian government targeted Israeli groups: Microsoft


Microsoft announced that over the past three months it has detected and disabled cyberattacks by a Lebanon-based group with ties to the Iranian government targeting over 20 organizations in Israel and one intergovernmental organization in Lebanon.

The group, dubbed POLONIUM, worked in coordination with Iran’s intelligence and security ministry “mainly on the basis of victim overlap and commonality of tools and techniques,” according to a statement released Thursday.

For the latest headlines, follow our Google News channel online or via the app.

Microsoft has suspended more than 20 OneDrive applications created by the POLONIUM group.

“Our goal with this blog is to prevent future activity by exposing and sharing POLONIUM tactics with the entire community,” Microsoft’s blog post reads.

The connections between Tehran and the hackers “consistent with a series of revelations since late 2020 that the Iranian government is using third parties to conduct cyber operations on its behalf, likely to add to Iran’s plausible denial.”

Earlier this week, FBI Director Christopher Wray announced that the US had foiled an Iranian government cyberattack on a children’s hospital in Boston, Massachusetts. The FBI chief said it was “one of the most heinous cyberattacks I’ve ever seen.”

Discussing attempts to attack Israeli and Lebanese groups, Microsoft said POLONIUM has focused on Israel’s critical manufacturing, IT and defense industries since February this year.

Microsoft also said an IT company was used to attack a downstream air carrier and law firm in an incident.

“Several manufacturing companies they target also serve the Israeli defense industry, pointing to a POLONIUM tactic that follows an increasing trend by many players, including several Iranian groups, to target access to service providers to gain downstream access,” revealed Microsoft. “This blog will also reveal more details showing that Iranian threat actors may be working with proxies to operationalize their attacks.”

Read more: US to Join Europe in Backing IAEA Resolution Against Iran: State Department


Comments are closed.