ESET has published an analysis of the seven backdoors that Lebanese Advanced Persistent Threat (APT) actor Polonium has been using since September 2021 in attacks targeting Israeli organizations. Microsoft first revealed Polonium in June 2022, but it appears that the group has been active for at least a year.
The APT is thought to operate out of Lebanon and collaborate with Iranian-affiliated threat actors to target more than 20 Israeli entities involved in communications, engineering, insurance, information technology, law, marketing, media, and social services.
Polonium is an active threat that regularly updates its toolkit. It has been using seven different backdoors and custom tools, and relies on cloud services for command-and-control (C&C) communications.