"Hacking Group POLONIUM Uses 'Creepy' Malware Against Israel"

Researchers have discovered previously unknown malware used by the cyberespionage hacking group 'POLONIUM.' The threat actors appear to target only Israeli organizations. POLONIUM employs a wide range of custom malware against engineering, IT, law, communications, marketing, and insurance firms in Israel, according to ESET. In June 2022, Microsoft's Threat Intelligence team first documented the group's malicious activities, tying POLONIUM threat actors in Lebanon to Iran's Ministry of Intelligence and Security (MOIS). POLONIUM, according to ESET, is only interested in cyberespionage and does not use data wipers, ransomware, or other file-damaging tools. Since September 2021, at least seven variants of custom backdoors have been used, including four new undocumented backdoors called 'TechnoCreep,' 'FlipCreep,' 'MegaCreep,' and 'PapaCreep.' Some backdoors take advantage of legitimate cloud services like OneDrive, Dropbox, and Mega to act as command-and-control (C2) servers. Other backdoors use standard Transmission Control Protocol (TCP) connections to remote C2 servers or obtain commands to execute from File Transfer Protocol (FTP) server files. While not all backdoors have the same capabilities, they can log keystrokes, take screenshots of the desktop, take photos with the webcam, exfiltrate files from the host, install additional malware, and execute commands on the infected device. The most recent backdoor, PapaCreep, discovered in September 2022, is the first written in C++, whereas previous versions were written in PowerShell or C#. This article continues to discuss the POLONIUM hacking group and its backdoors. 

Bleeping Computer reports "Hacking Group POLONIUM Uses 'Creepy' Malware Against Israel"