Description
[POLONIUM](https://attack.mitre.org/groups/G1005) is a Lebanon-based group that has primarily targeted Israeli organizations, including critical manufacturing, information technology, and defense industry companies, since at least February 2022. Security researchers assess [POLONIUM](https://attack.mitre.org/groups/G1005) has coordinated their operations with multiple actors affiliated with Iran’s Ministry of Intelligence and Security (MOIS), based on victim overlap as well as common techniques and tooling.(Citation: Microsoft POLONIUM June 2022)
Techniques Used (TTPs)
- T1567.002 — Exfiltration to Cloud Storage (exfiltration)
- T1102.002 — Bidirectional Communication (command-and-control)
- T1090 — Proxy (command-and-control)
- T1588.002 — Tool (resource-development)
- T1199 — Trusted Relationship (initial-access)
- T1583.006 — Web Services (resource-development)
- T1078 — Valid Accounts (defense-evasion, persistence, privilege-escalation, initial-access)
Total TTPs: 7
Malware & Tools
Malware: CreepyDrive, CreepySnail