Microsoft prevents Lebanese cyber-attacks against Israeli companies

Microsoft has banned the launching of Lebanese cyber-attacks on Israeli companies, which “may be directed by Iran”.

Microsoft says the group it has dubbed “Polonium” may be collaborating with the Ministry of Intelligence and Security in Tehran, noting that it has suspended more than 20 OneDrive accounts misusing the service for cyberattacks on Israeli companies across many industries, including defense and services. Finance.
Company officials wrote on Thursday that they had high confidence that the organization behind the attacks, which they dubbed “Polonium”, is based in Lebanon, and said they had moderate confidence that it was cooperating with Iran’s Ministry of Intelligence and Security (MOIS).
Microsoft noted that, “Such cooperation or direction from Tehran would be consistent with a series of disclosures since late 2020 that the Iranian government uses third parties to carry out cyber operations on its behalf, and is likely to reinforce Iran’s reasonable denial of ‘direct cyberattacks’.” , according to the “timesofisrael” website.
The company said Polonium targeted organizations previously targeted by Mercury, a “minor element” identified within the Ministry of the Interior, and used tactics similar to those of Iranian cyber groups Lyceum and CopyKittens.
Microsoft suggested that these factors point to potential “deliveries,” in which MOIS provides Polonium with access to previously compromised victim environments in order to carry out new activity.
Microsoft has not linked any of the Polonium attacks to those of other groups based in Lebanon, including Volatile Cedar, a cyber espionage group.
Early last month, the National Electronic Directorate launched a joint project with the Ministry of Communications to boost Israeli cybersecurity in hopes of creating a so-called “Iron Dome” in the cyber domain.
These reforms require companies to purchase advanced cybersecurity technology to identify, contain and recover potential cyberattacks, as well as to create internal measures to demonstrate their cybersecurity efforts. In addition, companies must implement five levels of information security mechanisms.