European cybersecurity firm ESET has discovered previously unknown custom backdoors and tools that it believes are being used by an APT group called Polonium. The group is relatively new, first disclosed by Microsoft in June 2022, and is highly sophisticated and currently active. It appears to target Israeli organizations exclusively, and its goal appears to be cyber espionage rather than disruption: the group does not use sabotage tools such as wipers or ransomware. Microsoft previously linked Polonium to Lebanon and believes that the group could have ties with Iran’s Ministry of Intelligence and Security.
ESET’s findings were presented at a conference in late September and were published earlier this week to detail the activities of Polonium and how it has targeted more than a dozen organizations in the past year. Victims include companies spanning several sectors, including information technology, engineering, law, communications, media, insurance, and more. The APT also boasts custom tools for taking screenshots, logging keystrokes, and other malicious activity.
Read More: Polonium Uses Seven Backdoor Variants to Spy on Israeli Organizations