POLONIUM  (Back to overview)

Microsoft successfully detected and disabled attack activity abusing OneDrive by a previously undocumented Lebanon-based activity group Microsoft Threat Intelligence Center (MSTIC) tracks as POLONIUM.

---

Associated Families

---

References

2022-10-11 ⋅ ESET Research ⋅ Matías Porolli @online{porolli:20221011:polonium:1dbdd2d, author = {Matías Porolli}, title = {{POLONIUM targets Israel with Creepy malware}}, date = {2022-10-11}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/}, language = {English}, urldate = {2022-10-12} } POLONIUM targets Israel with Creepy malware CreepySnail CreepExfil DeepCreep MegaCreep Unidentified 097 (Polonium Keylogger)

2022-10-11 ⋅ BleepingComputer ⋅ Bill Toulas @online{toulas:20221011:hacking:ea55dc5, author = {Bill Toulas}, title = {{Hacking group POLONIUM uses ‘Creepy’ malware against Israel}}, date = {2022-10-11}, organization = {BleepingComputer}, url = {https://www.bleepingcomputer.com/news/security/hacking-group-polonium-uses-creepy-malware-against-israel/}, language = {English}, urldate = {2022-10-12} } Hacking group POLONIUM uses ‘Creepy’ malware against Israel DeepCreep MegaCreep Unidentified 097 (Polonium Keylogger)

2022-06-02 ⋅ Microsoft ⋅ Microsoft Threat Intelligence Center (MSTIC), Microsoft Digital Security Unit (DSU) @online{mstic:20220602:exposing:b85423c, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft Digital Security Unit (DSU)}, title = {{Exposing POLONIUM activity and infrastructure targeting Israeli organizations}}, date = {2022-06-02}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/06/02/exposing-polonium-activity-and-infrastructure-targeting-israeli-organizations/}, language = {English}, urldate = {2022-06-02} } Exposing POLONIUM activity and infrastructure targeting Israeli organizations POLONIUM

---

Credits: MISP Project