Connect with us

News

Microsoft Blocks Lebanon-Based Hackers Targeting Israel

The hackers were abusing Microsoft’s file hosting service, OneDrive, to target private and government organizations in Israel.

Published

2 years ago

on

microsoft blocks lebanon-based hackers targeting israel

Microsoft Threat Intelligence Center (MSTIC) has successfully identified and disabled an attack orchestrated by a Lebanon-based activity group called Polonium.

The group was abusing Microsoft’s file hosting service, OneDrive, to target private and government organizations in Israel. Based on its tools and techniques, it seems that Polonium is affiliated with Iran’s Ministry of Intelligence and Security (MOIS).

“Polonium has targeted or compromised more than 20 organizations based in Israel and one intergovernmental organization with operations in Lebanon over the past three months,” explains MSTIC.

The good news is that all legitimate OneDrive accounts are completely safe because the attack didn’t involve any security issues or vulnerabilities. Instead, Polonium used the file hosting service for command and control to execute part of their attack operation.

Polonium’s targets include primarily organizations in critical manufacturing, IT, and defense industry. “In at least one case, Polonium’s compromise of an IT company was used to target a downstream aviation company and law firm in a supply chain attack that relied on service provider credentials to gain access to the targeted networks.”

MSTIC is still actively investigating how Polonium gained initial access to many of their victims, but it knows that most victims were running Fortinet appliances. Based on this fact, MSTIC suspects that the CVE-2018-13379 vulnerability was used to gain access inside the targeted organizations.

Also Read: Is Your Phone Hacked? How To Find Out & Protect Yourself

While the threat has been contained, there are certain actions MSTIC recommends all organizations to take to protect themselves, such as confirming that Microsoft Defender Antivirus is updated, enabling multi-factor authentication (MFA), and blocking in-bound traffic from specific IP addresses.

This isn’t the first instance of threat actors using OneDrive and other similar file hosting services to achieve their nefarious goals. Last year, for example, Microsoft discovered that OneDrive was used to host malware files commonly used to launch Conti ransomware attacks.

Related Topics:
Advertisement

📢 Get Exclusive Monthly Articles, Updates & Tech Tips Right In Your Inbox!

JOIN 17K+ SUBSCRIBERS

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

News

NASA Forms New Partnership With Saudi Space Agency

The pair will collaborate on the Center for Space Futures, advancing space tech by bringing together public and private stakeholders.

Published

3 days ago

on

May 16, 2024

By

nasa forms new partnership with saudi space agency
Saudi Space Agency

Saudi Arabia’s space industry is on the brink of substantial expansion after generating $400 million in revenue in 2022, according to a report by the Saudi Communications, Space and Technology Commission.

Now, in a new venture with NASA, plans for a “Center for Space Futures” are set to further drive the Kingdom’s aspirations of becoming a leading player in space exploration and technology.

The partnership between NASA and Saudi Arabia goes beyond economic advantages. The pair have already cooperated on preliminary work for the Artemis II lunar mission, which is slated for a September 2025 launch and aims to land astronauts near the moon’s South Pole.

Also Read: Plans Underway For Massive Middle East Autonomous Freight Network

During a visit to the capital, Riyadh, NASA Administrator Bill Nelson emphasized in a TV interview the broader objectives of the collaboration, which encompass “returning to the moon and then [to] Mars” while utilizing space exploration to glean important insights into climate change. The NASA spokesman also reiterated the space agency’s dedication to collaborating with Saudi Arabia on other future ventures.

Continue Reading

#Trending