Seven ‘Creepy’ Backdoors Employed in Israel Attacks by a Lebanese Cyberspy Group


ESET has published an analysis of the seven backdoors that Lebanese Advanced Persistent Threat (APT) actor Polonium has been using since September 2021 in attacks targeting Israeli organizations. Microsoft first revealed Polonium in June 2022, but it appears that the group has been active for at least a year.

The APT is thought to operate out of Lebanon and collaborate with Iranian-affiliated threat actors to target more than 20 Israeli entities involved in communications, engineering, insurance, information technology, law, marketing, media, and social services.

Polonium is a live threat that regularly updates its toolkit. It has been using seven different backdoors, custom tools, and cloud services for command and control (C&C) communications.
