Security News > 2022 > June > Microsoft blocks Polonium hackers from using OneDrive in attacks

Microsoft said it blocked a Lebanon-based hacking group it tracks as Polonium from using the OneDrive cloud storage platform for data exfiltration and command and control while targeting and compromising Israelian organizations.
Throughout the attacks that mainly targeted Israel's critical manufacturing, IT, and defense industry sectors since February 2022, Polonium operators have also likely coordinated their hacking attempts with multiple Iran-linked threat actors, according to Redmond's analysis.
In some of the attacks, Microsoft has observed evidence pointing at MOIS operators possibly providing Polonium hackers with access to previously breached networks.
Polonium operators have also targeted multiple victims compromised by the MuddyWater APT group, tracked by Microsoft as Mercury, and linked to the Iranian Ministry of Intelligence and Security by US Cyber Command.
"While we continue to pursue confirmation of how POLONIUM gained initial access to many of their victims, MSTIC notes that approximately 80% of the observed victims beaconing to graph.microsoft.com were running Fortinet appliances," Microsoft added.
Microsoft urged customers to ensure that Microsoft Defender Antivirus uses the latest security intelligence updates and that multi-factor authentication is enforced for all remote connectivity to block the abuse of potentially compromised credentials.
News URL
Related news
- New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors (source)
- TechRepublic EXCLUSIVE: New Ransomware Attacks are Getting More Personal as Hackers ‘Apply Psychological Pressure” (source)
- Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks (source)
- Hackers Repurpose RansomHub's EDRKillShifter in Medusa, BianLian, and Play Attacks (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- North Korean hackers adopt ClickFix attacks to target crypto firms (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
- Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws (source)
- Russian hackers attack Western military mission using malicious drive (source)
- Microsoft Defender will isolate undiscovered endpoints to block attacks (source)