Microsoft has suspended over 20 OneDrive accounts for abusing the file hosting service in order to carry out cyberattacks on Israeli companies across numerous industries, including defense and financial services
Company officials wrote Thursday that they had high confidence the organization behind the attacks, which it dubbed "Polonium," is based in
...a formerly French, now an Iranian colony situated on the eastern Mediterranean, conveniently adjacent to Israel. ...
, and said they had moderate confidence that it was collaborating with Iran’s Ministry of Intelligence and Security (MOIS).
"Such collaboration or direction from Tehran would align with a string of revelations since late 2020 that the government of Iran
...The nation is noted for spontaneouslytaking over other countries' embassies, maintaining whorehouses run by clergymen, involvement in international drug trafficking, and financing sock puppet
militiasto extend the regime's influence...
is using third parties to carry out cyber operations on their behalf, likely to enhance Iran’s plausible deniability" of direct cyberattacks, Microsoft said.
The company said Polonium has targeted organizations previously targeted by Mercury, an identified "subordinate element" within MOIS, and has used similar tactics to those of Iranian cyber groups "Lyceum" and "CopyKittens."
Microsoft suggested that these factors point to possible "hand-off" operations, whereby MOIS provides Polonium with access to previously compromised victim environments in order to execute new activity.
Microsoft has not linked any of Polonium’s attacks to those of other groups based in Lebanon, including Volatile Cedar, a cyber espionage group.
Early last month, the National Cyber Directorate launched a joint venture with the Communications Ministry to strengthen Israeli cybersecurity in the hopes of creating a so-called "iron dome" in the cyber sphere.
These reforms require firms to purchase cutting-edge cybersecurity technology to identify, contain and recover potential cyberattacks, as well as to create internal measures to show the cybersecurity efforts they take. In addition, companies must implement five levels of information security mechanisms.
In the past decade, Iran has conducted countless cyberattacks across the globe, affecting the US, Europa
...the land mass occupying the space between the English Channel and the Urals, also known as Moslem Lebensraum...
and Israel.