Researchers Uncover Custom Backdoors and Spying Tools Used by Polonium Hackers

[correlate]

Level 18
Thread author
Verified
Top Poster
Well-known
May 4, 2019
825
A threat actor tracked as Polonium has been linked to over a dozen highly targeted attacks aimed at Israelian entities with seven different custom backdoors since at least September 2021.

The intrusions were aimed at organizations in various verticals, such as engineering, information technology, law, communications, branding and marketing, media, insurance, and social services, cybersecurity firm ESET said.
Polonium is the chemical element-themed moniker given by Microsoft to a sophisticated operational group that's believed to be based in Lebanon and is known to exclusively strike Israeli targets.
Activities undertaken by the group first came to light earlier this June when the Windows maker disclosed it suspended more than 20 malicious OneDrive accounts created by the adversary for command-and-control (C2) purposes.
Core to the attacks has been the use of implants coined CreepyDrive and CreepyBox for their ability to exfiltrate sensitive data to actor-controlled OneDrive and Dropbox accounts. Also deployed is a PowerShell backdoor dubbed CreepySnail.
ESET's latest discovery of five more previously undocumented backdoors brings into focus an active espionage-oriented threat actor that's constantly refining and retooling its malware arsenal.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top