SYMBOLCOMMON_NAMEaka. SYNONYMS

POLONIUM  (Back to overview)

aka: Plaid Rain

Microsoft successfully detected and disabled attack activity abusing OneDrive by a previously undocumented Lebanon-based activity group Microsoft Threat Intelligence Center (MSTIC) tracks as POLONIUM.


Associated Families
win.creep_exfil win.creepysnail win.deepcreep win.megacreep win.unidentified_097

References
2022-10-11ESET ResearchMatías Porolli
POLONIUM targets Israel with Creepy malware
CreepySnail CreepExfil DeepCreep MegaCreep Unidentified 097 (Polonium Keylogger)
2022-10-11BleepingComputerBill Toulas
Hacking group POLONIUM uses ‘Creepy’ malware against Israel
DeepCreep MegaCreep Unidentified 097 (Polonium Keylogger)
2022-06-02MicrosoftMicrosoft Digital Security Unit (DSU), Microsoft Threat Intelligence Center (MSTIC)
Exposing POLONIUM activity and infrastructure targeting Israeli organizations
POLONIUM

Credits: MISP Project