Microsoft on Thursday said it identified and disabled an Iran-linked Lebanese hacking group that targeted more than 20 Israeli organizations and one intergovernmental organization.
The previously undocumented group, which Microsoft's Threat Intelligence Center tracked as POLONIUM, abused the company's OneDrive cloud storage platform for command and control purposes.
POLONIUM operators likely coordinated their hacking attempts with Iran, the tech giant said on its website.
"We also assess with moderate confidence that the observed activity was coordinated with other actors affiliated with Iran's Ministry of Intelligence and Security (MOIS), based primarily on victim overlap and commonality of tools and techniques.
"Such collaboration or direction from Tehran would align with a string of revelations since late 2020 that the government of Iran is using third parties to carry out cyber operations on their behalf, likely to enhance Iran's plausible deniability," Microsoft said.
In some of the attacks, Microsoft has observed evidence pointing to MOIS operators possibly providing POLONIUM hackers with access to previously breached networks.
Microsoft added that POLONIUM hackers had been tracked since February 2022 targeting critical Israeli infrastructure and defense firms.
"Since February 2022, POLONIUM has been observed primarily targeting organizations in Israel with a focus on critical manufacturing, IT, and Israel's defense industry," Microsoft said.
"In at least one case, POLONIUM's compromise of an IT company was used to target a downstream aviation company and law firm in a supply chain attack that relied on service provider credentials to gain access to the targeted networks. Multiple manufacturing companies they targeted also serve Israel's defense industry, indicating a POLONIUM tactic that follows an increasing trend by many actors, including among several Iranian groups, of targeting service provider access to gain downstream access," it added.
This was not the first cyberattack on Israeli industries reported by Microsoft.
In October 2012, the company warned that a group of Iranian or pro-Iranian hackers it had been tracking had tried to breach numerous Microsoft Office 365 accounts through password-guessing attacks targeting and at times compromising systems of US and Israeli defense technology companies.
In a blog post at the time, Microsoft assessed that a new cyber "activity cluster" linked to Iran had targeted hundreds of Microsoft Office 365 accounts tied to groups including US and Israeli defense companies, Persian Gulf entry ports, and global maritime transportation companies.
The hackers had been targeting US, EU, and Israeli defense companies that produce "military-grade radars, drone technology, satellite systems, and emergency response communication systems," the company wrote.
Meanwhile, in Iran on Thursday, government-run surveillance cameras around the capital were "disrupted" in an apparent cyberattack claimed by an anti-regime exile group.
Mujahedeen-e-Khalq said it hacked into over 5,000 cameras around Tehran ahead of the commemoration of the death of the founder of the Islamic republic, Ayatollah Ruhollah Khomeini.
The hack comes after another cyber assault in January that saw a graphic calling for the death of the country's supreme leader played on multiple state TV channels.
In October, an assault on Iran's fuel distribution system paralyzed gas stations nationwide, leading to long lines of angry motorists unable to get subsidized fuel for days. A cyberattack on Iran's railway system caused chaos and train delays. Another hack leaked footage of abuses at its notorious Evin prison.
Iran, long sanctioned by the West, faces difficulties in getting up-to-date hardware and software, often relying on Chinese-manufactured electronics or older systems. Pirated versions of Windows and other software are common across Iran. That makes it easier for potential hackers to target the country.