Updated on 2022-10-11
ESET researchers published a report this week on a recent campaign of the Polonium APT against Israeli organizations. The Polonium APT is a cyber-espionage group operating from Lebanon and coordinating with Iran’s Ministry of Intelligence and Security (MOIS). ESET said they spotted seven backdoors used by the group in their attacks in Israel, including five never-before-seen ones:
- CreepyDrive, which abuses OneDrive and Dropbox cloud services for C&C;
- CreepySnail, which executes commands received from the attackers’ own infrastructure;
- DeepCreep and MegaCreep, which make use of Dropbox and Mega file storage services, respectively;
- FlipCreep, TechnoCreep, and PapaCreep, which receive commands from attackers’ servers.
Read more: POLONIUM targets Israel with Creepy malware
Updated on 2022-10-10
Cyberespionage gang Polonium was found using previously undocumented ‘Creepy’ malware variants to target Israeli organizations. Read more: POLONIUM targets Israel with Creepy malware
Polonium APT
Microsoft said on Thursday that it took down more than 20 OneDrive accounts that were being used by an advanced persistent threat actor operating out of Lebanon. Microsoft said this group, which it named Polonium, has targeted or compromised more than 20 organizations based in Israel and one intergovernmental organization with operations in Lebanon over the past three months. Microsoft’s security said that it appears that Polonium might have “coordinated with other actors affiliated with Iran’s Ministry of Intelligence and Security (MOIS).”