Microsoft blocks Lebanese cyberattacks on Israeli firms, possibly directed by Iran

Microsoft says group it has dubbed ‘Polonium’ may be in cahoots with Tehran’s Ministry of Intelligence and Security

Illustrative: An Iranian flag made from binary code. (Sergio Lacueva/iStock Photo by Getty Images)

Microsoft has suspended over 20 OneDrive accounts for abusing the file hosting service in order to carry out cyberattacks on Israeli companies across numerous industries, including defense and financial services.

Company officials wrote Thursday that they had high confidence the organization behind the attacks, which the company dubbed “Polonium,” is based in Lebanon, and said they had moderate confidence that it was collaborating with Iran’s Ministry of Intelligence and Security (MOIS).

“Such collaboration or direction from Tehran would align with a string of revelations since late 2020 that the government of Iran is using third parties to carry out cyber operations on their behalf, likely to enhance Iran’s plausible deniability” of direct cyberattacks, Microsoft said.

The company said Polonium has targeted organizations previously targeted by Mercury, an identified “subordinate element” within MOIS, and has used similar tactics to those of Iranian cyber groups “Lyceum” and “CopyKittens.”

Microsoft suggested that these factors point to possible “hand-off” operations, whereby MOIS provides Polonium with access to previously compromised victim environments in order to execute new activity.

Microsoft has not linked any of Polonium’s attacks to those of other groups based in Lebanon, including Volatile Cedar, a cyber espionage group.

Microsoft development center in Herzliya Pituah, Oct 30, 2020. (Photo by Gili Yaari/Flash90)

Early last month, the National Cyber Directorate launched a joint venture with the Communications Ministry to strengthen Israeli cybersecurity in the hopes of creating a so-called “iron dome” in the cyber sphere.

These reforms require firms to purchase cutting-edge cybersecurity technology to identify, contain and recover from potential cyberattacks, as well as to create internal measures to show the cybersecurity efforts they take. In addition, companies must implement five levels of information security mechanisms.

In the past decade, Iran has conducted countless cyberattacks across the globe, affecting the US, Europe and Israel. On Wednesday, the FBI reported that it had successfully thwarted a cyberattack on a Boston children’s hospital last summer.
