POLONIUM
Intelligence Profile
[POLONIUM](https://attack.mitre.org/groups/G1005) is a Lebanon-based group that has primarily targeted Israeli organizations, including critical manufacturing, information technology, and defense industry companies, since at least February 2022. Security researchers assess [POLONIUM](https://attack.mitre.org/groups/G1005) has coordinated their operations with multiple actors affiliated with Iran’s Ministry of Intelligence and Security (MOIS), based on victim overlap as well as common techniques and tooling.(Citation: Microsoft POLONIUM June 2022)
Threat Analysis
POLONIUM is a known-sophistication threat actor attributed to LB, engaged in cyber operations with a primary motivation of espionage.
The group's espionage-oriented operations suggest a state-sponsored or state-aligned mandate, typically focused on stealing intellectual property, government secrets, or military intelligence. Targets are usually selected for strategic value rather than financial gain.
Known Campaigns
POLONIUM is a unknown-motivation threat actor attributed to LB. Microsoft successfully detected and disabled attack activity abusing OneDrive by a previously undocumented Lebanon-based activity group Microsoft Threat Intelligence Center (MSTIC) tracks as POLONIUM....