Microsoft Threat Intelligence Center (MSTIC) has successfully identified and disabled an attack orchestrated by a Lebanon-based activity group called Polonium.
The group was abusing Microsoft’s file hosting service, OneDrive, to target private and government organizations in Israel. Based on its tools and techniques, it seems that Polonium is affiliated with Iran’s Ministry of Intelligence and Security (MOIS).
“Polonium has targeted or compromised more than 20 organizations based in Israel and one intergovernmental organization with operations in Lebanon over the past three months,” explains MSTIC.
The good news is that all legitimate OneDrive accounts are completely safe because the attack didn’t involve any security issues or vulnerabilities. Instead, Polonium used the file hosting service for command and control to execute part of their attack operation.
Polonium’s targets are primarily organizations in the critical manufacturing, IT, and defense industries. “In at least one case, Polonium’s compromise of an IT company was used to target a downstream aviation company and law firm in a supply chain attack that relied on service provider credentials to gain access to the targeted networks.”
MSTIC is still actively investigating how Polonium gained initial access to many of its victims, but it knows that most victims were running Fortinet appliances. Based on this fact, MSTIC suspects that the CVE-2018-13379 vulnerability was used to gain access to the targeted organizations.
While the threat has been contained, MSTIC recommends that all organizations take certain actions to protect themselves, such as confirming that Microsoft Defender Antivirus is updated, enabling multi-factor authentication (MFA), and blocking inbound traffic from specific IP addresses.
This isn’t the first instance of threat actors using OneDrive and other similar file hosting services to achieve their nefarious goals. Last year, for example, Microsoft discovered that OneDrive was used to host malware files commonly used to launch Conti ransomware attacks.