Iran Threatens Israel's Critical Infrastructure With 'Polonium' Proxy

Israel's critical infrastructure is under threat from an Iranian proxy hacking group operating in Lebanon.
Iran's partnership with armed militant groups throughout the Middle East is well documented.
According to Microsoft, in the spring of 2022 alone, Polonium spied on more than 20 Israeli organizations across commercial, critical, and government sectors, including transportation, critical manufacturing, IT, finance, agriculture, and healthcare.
On Dec. 4, Israel's National Cyber Directorate warned that Polonium has targeted further critical infrastructure sectors, including water and energy.
Dark Reading has reached out to Israel's Ministry of Defense for further details, but has not yet received a reply.
Polonium's M.O.

From a country with only a few, relatively quiet APT groups - Volatile Cedar, Tempting Cedar, and Dark Caracal - one may be tempted to underestimate Polonium.
Beyond Microsoft's findings on its targets, in October 2022, researchers from ESET found an additional dozen-plus attacks carried out by the same group, in the same year, across even more sectors including engineering, law, communications, marketing, media, insurance, and social services.
For command-and-control, it preferred cloud services like Microsoft OneDrive, Dropbox, and Mega.
Most notably, in that first year of its operation, the group had deployed no fewer than seven custom backdoors against its targets, capable of spawning reverse shells, exfiltrating files, taking screenshots, logging keystrokes, taking control of webcams, and more.
Rather than packaging these backdoors as a monolith, the hackers divided them up into fragments - tiny files, each with limited functionality.
One dynamic link library file would be responsible for screen grabs, and then another took care of uploading them to a C2 server.
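The cloud-storage C2 pattern described above gives defenders a concrete hunting lead: legitimate traffic to OneDrive, Dropbox, and Mega comes from browsers and official sync clients, so the same destinations reached from an unexpected process are worth a closer look. The following is an added example, not code from the article or from any vendor named in it; the log format, domain suffixes, and process allow-list are assumptions and the log lines are constructed.

```python
import re
from typing import Dict, List, Optional

# Constructed EDR-style outbound-connection records (hypothetical format):
# "<timestamp> <hostname> <process image> <destination host>:<port>"
SAMPLE_LOGS = [
    "2023-12-04T10:01:02Z ws-17 chrome.exe api.dropboxapi.com:443",
    "2023-12-04T10:02:11Z ws-17 OneDrive.exe onedrive.live.com:443",
    "2023-12-04T10:03:45Z ws-17 rundll32.exe api.dropboxapi.com:443",
    "2023-12-04T10:04:09Z ws-22 svchost.exe g.api.mega.co.nz:443",
    "2023-12-04T10:05:30Z ws-22 outlook.exe outlook.office365.com:443",
    "malformed line that the parser must skip",
]

# Domain suffixes for the cloud services the article names as Polonium C2 channels.
# These suffixes are assumptions; tune them to what your proxy logs actually show.
CLOUD_STORAGE_SUFFIXES = (
    "dropboxapi.com", "dropbox.com",
    "mega.co.nz", "mega.nz",
    "onedrive.live.com", "1drv.com",
)

# Process images that are expected to talk to those services (assumed allow-list).
# A small DLL loaded via rundll32.exe or a service host beaconing to Mega is not expected.
EXPECTED_PROCESSES = {
    "chrome.exe", "msedge.exe", "firefox.exe",
    "onedrive.exe", "dropbox.exe", "megasync.exe",
}

LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>\S+) (?P<dst>[^:\s]+):(?P<port>\d+)$")


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one record into a dict, or return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_cloud_storage(dst: str) -> bool:
    """True when the destination is one of the listed cloud-storage services or a subdomain of one."""
    dst = dst.lower()
    return any(dst == s or dst.endswith("." + s) for s in CLOUD_STORAGE_SUFFIXES)


def flag_cloud_c2_candidates(lines: List[str]) -> List[Dict[str, str]]:
    """Return records where an unexpected process reached a cloud-storage service."""
    flagged = []
    for rec in filter(None, map(parse_line, lines)):
        if is_cloud_storage(rec["dst"]) and rec["proc"].lower() not in EXPECTED_PROCESSES:
            rec["reason"] = f"{rec['proc']} is not an expected client for {rec['dst']}"
            flagged.append(rec)
    return flagged
```

Run over the sample records, this flags the rundll32.exe and svchost.exe connections and leaves the browser, sync client, and Outlook traffic alone; in production, feed it your proxy or EDR network events and review the allow-list against your own baseline.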
Iran's Proxy Cyber War

Against the backdrop of war in Gaza, Israel has faced a significant rise in cyberattacks.
Three weeks into the war, the Cyber Directorate had already identified more than 40 attempts to compromise digital service and storage providers.
That its attackers are not always the ones pulling the strings only makes defending against them that much more difficult, says Maria Cunningham, director of threat research at ReliaQuest.


This Cyber News was published on www.darkreading.com. Publication date: Thu, 07 Dec 2023 15:25:05 +0000