Nation State Actor

Plaid Rain

Since February 2022, Plaid Rain (formerly POLONIUM) has been observed primarily targeting organizations in Israel, with a focus on critical manufacturing, IT, and Israel’s defense industry. Microsoft assessed with moderate confidence that Plaid Rain is coordinating its operations with multiple tracked actor groups affiliated with Iran’s Ministry of Intelligence and Security (MOIS), based on victim overlap and common techniques and tooling. In June, Microsoft reported that threat teams successfully detected and disabled attack activity abusing OneDrive. Microsoft suspended more than 20 malicious OneDrive applications created by Plaid Rain actors, notified affected organizations, and deployed a series of security intelligence updates that will quarantine tools developed by Plaid Rain operators.

Country of origin: Lebanon

Countries targeted: Israel

Industries targeted: IT services, Defense, Government, Transportation, Healthcare, Agriculture, Financial, Manufacturing

Microsoft Threat Intelligence: Recent Plaid Rain Articles

Exposing POLONIUM activity and infrastructure targeting Israeli organizations