POLONIUM  (Back to overview)

aka: GREATRIFT, Plaid Rain, UNC4453

Microsoft successfully detected and disabled attack activity abusing OneDrive by a previously undocumented Lebanon-based activity group Microsoft Threat Intelligence Center (MSTIC) tracks as POLONIUM.

Associated Families
win.creep_exfil win.creepysnail win.deepcreep win.megacreep win.unidentified_097

2022-10-11ESET ResearchMatías Porolli
POLONIUM targets Israel with Creepy malware
CreepySnail CreepExfil DeepCreep MegaCreep Unidentified 097 (Polonium Keylogger)
2022-10-11BleepingComputerBill Toulas
Hacking group POLONIUM uses ‘Creepy’ malware against Israel
DeepCreep MegaCreep Unidentified 097 (Polonium Keylogger)
2022-06-02MicrosoftMicrosoft Digital Security Unit (DSU), Microsoft Threat Intelligence Center (MSTIC)
Exposing POLONIUM activity and infrastructure targeting Israeli organizations

Credits: MISP Project