POLONIUM

G1005 · Espionage · MITRE ATT&CK

Also known as: Plaid Rain

Overview

POLONIUM is a Lebanon-based group that has primarily targeted Israeli organizations, including critical manufacturing, information technology, and defense industry companies, since at least February 2022. Security researchers assess that POLONIUM has coordinated its operations with multiple actors affiliated with Iran's Ministry of Intelligence and Security (MOIS), based on victim overlap as well as common techniques and tooling.

Targets

Civil society · Critical Manufacturing · Defense · Defense industrial base · Financial Services · Food And Agriculture · Government Agencies And Services · Healthcare · Military · NGOs · Pharmaceuticals · Technology · Transportation

Regions

Israel

TTPs — 7 techniques across 5 tactics

Resource Development

Initial Access

Stealth

Command and Control

Exfiltration

Tools & malware (2)

CreepyDrive · CreepySnail

Reporting (2)