A threat actor identified as Polonium has been linked to over a dozen highly targeted attacks aimed at Israeli entities using seven different custom backdoors, since September 2021.
According to cybersecurity firm ESET, the intrusions targeted organisations in a variety of industries, including engineering, information technology, law, communications, branding and marketing, media, insurance, and social services. Microsoft has given the chemical element-themed moniker Polonium to a sophisticated operational group believed to be based in Lebanon and known to exclusively target Israeli targets.
The group’s activities were first revealed in June when Microsoft announced the suspension of more than 20 malicious OneDrive accounts created by the adversary for command-and-control (C2) purposes.
The use of implants dubbed CreepyDrive and CreepyBox for their potential to exfiltrate sensitive data to actor-controlled OneDrive and Dropbox accounts has been central to the attacks. CreepySnail, a PowerShell backdoor, has also been deployed. ESET’s latest discovery of five previously unknown backdoors highlights an active espionage-oriented threat actor that is constantly refining and retooling its malware arsenal.
ESET researcher Matías Porolli said, “The numerous versions and cha
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: