Microsoft blocks Lebanese cyber attacks on Israeli firms, possibly directed by Iran

Microsoft has reported that it suspended over 20 OneDrive accounts abusing the service for cyber attacks on Israeli companies across numerous industries, including defense and financial services

Company officials wrote Thursday that they had high confidence the organization behind the attacks, which the company dubbed “Polonium,” is based in Lebanon, and said they had moderate confidence that it was collaborating with Iran’s Ministry of Intelligence and Security (MOIS).

“Such collaboration or direction from Tehran would align with a string of revelations since late 2020 that the government of Iran is using third parties to carry out cyber operations on their behalf, likely to enhance Iran’s plausible deniability” of direct cyber attacks, Microsoft said.

The company said Polonium has targeted organizations previously targeted by Mercury, an identified “subordinate element” within MOIS, and has used similar tactics to those of Iranian cyber groups “Lyceum” and “CopyKittens.”

Microsoft suggested that these factors point to possible “hand-off” operations, whereby MOIS provides Polonium with access to previously compromised victim environments in order to execute new activity.

Microsoft has not linked any of Polonium’s attacks to those of other groups based in Lebanon, including Volatile Cedar, a cyber espionage group.

Microsoft development center in Herzliya Pituah, Oct 30, 2020. (Photo by Gili Yaari/Flash90)

Early last month, the National Cyber Directorate launched a joint venture with the Communications Ministry to strengthen Israeli cybersecurity in the hopes of creating a so-called “iron dome” in the cyber sphere.

These reforms require firms to purchase cutting-edge cybersecurity technology to identify, contain and recover from potential cyber attacks, as well as to create internal measures to show the cybersecurity efforts they take. In addition, companies must implement five levels of information security mechanisms.

In the past decade, Iran has conducted countless cyber attacks across the globe, affecting the US, Europe and Israel. On Wednesday, the FBI reported that it had successfully thwarted a cyber attack on a Boston children’s hospital last summer.

