Microsoft successfully detected and disabled attack activity abusing OneDrive by a previously undocumented Lebanon-based activity group Microsoft Thre...

Threat Actor Profile

POLONIUM

State-sponsored threat group originating from LB. Suspected sponsor: Lebanon. Known to target Critical manufacturing, Defense industrial base, Financial services and 10 other sectors. Uses 11 known MITRE ATT&CK techniques.

Actor Overview

Origin Country: LB
Suspected Sponsor: Lebanon
Incident Types: Espionage
Known Techniques: 11 TTPs

Target Industries

Critical manufacturing, Defense industrial base, Financial services, Food and agriculture, Government agencies and services, Healthcare, Pharmaceuticals, Information technology, Transportation systems, NGOs, Civil Society, Military, Defense

Suspected Victims

Israel

MITRE ATT&CK Techniques

T1583, T1583.006, T1567, T1567.002, T1588, T1588.002, T1090, T1199, T1078, T1102, T1102.002

Actor Details

Primary Name: POLONIUM
Known Aliases: Plaid Rain, UNC4453, GREATRIFT
Data Source: Precursor Intelligence