POLONIUM (Threat Actor)

SYMBOL	COMMON_NAME	aka. SYNONYMS

POLONIUM (Back to overview)

aka: GREATRIFT, Plaid Rain, UNC4453

Microsoft successfully detected and disabled attack activity abusing OneDrive by a previously undocumented Lebanon-based activity group Microsoft Threat Intelligence Center (MSTIC) tracks as POLONIUM.

Associated Families

win.creep_exfil win.creepysnail win.deepcreep win.megacreep win.unidentified_097

References

2022-10-11 ⋅ ESET Research ⋅ Matías Porolli
POLONIUM targets Israel with Creepy malware
CreepySnail CreepExfil DeepCreep MegaCreep Unidentified 097 (Polonium Keylogger)

2022-10-11 ⋅ BleepingComputer ⋅ Bill Toulas
Hacking group POLONIUM uses ‘Creepy’ malware against Israel
DeepCreep MegaCreep Unidentified 097 (Polonium Keylogger)

2022-06-02 ⋅ Microsoft ⋅ Microsoft Digital Security Unit (DSU), Microsoft Threat Intelligence Center (MSTIC)
Exposing POLONIUM activity and infrastructure targeting Israeli organizations
POLONIUM

Credits: MISP Project