top of page
  • Clipeus

Polonium Joins The Cyberwarfare Against Israel

On 4 December 2023, Israel's National Cyber Directorate reported an ongoing cooperation between Iranian state-sponsored actors and Polonium, a Lebanon-based operational group which appears to hold an affiliation with Iran's Ministry of Intelligence and Security.


Israel's National Cyber Directorate identified destructive attacks against Israeli critical infrastructure sectors, including water and energy. According to the Israeli report, the attacker was observed leveraging virtual private network (VPN) services for network traffic and PCloud as command-and-control (C2).


Historically, Polonium pursued the exploitation of Fortinet devices, particularly via CVE-2018-13379, and abused cloud services such as Microsoft OneDrive, Dropbox, and Mega as C2, which is consistent with the TTPs observed in the recent events.

Recent Posts

See All

AcidPour Wiper Targets Linux Devices in Ukraine

A new iteration of the AcidRain wiper malware, dubbed AcidPour, has been identified by SentinelOne's threat intelligence division, SentinelLabs. AcidRain, linked to Russian military intelligence, gain

Comments


Commenting has been turned off.

If you are interested in specifics or additional insights on the threats above or any other threat, please visit our dedicated service page or reach out to info@clipeusintelligence.com with your inquiry. We would be glad to assist you

bottom of page