Microsoft announced that it had “successfully detected and disabled attack activity abusing OneDrive by a previously undocumented Lebanon-based activity group”, evaluating “with moderate confidence that the observed activity was coordinated with other actors affiliated with Iran’s Ministry of Intelligence and Security (MOIS)”. “Such collaboration or direction from Tehran”, the company added, “would align with a string of revelations since late 2020 that the Government of Iran is using third parties to carry out cyber operations on their behalf, likely to enhance Iran’s plausible deniability”. Microsoft further revealed that “since February 2022, POLONIUM has been observed primarily targeting organisations in Israel with a focus on critical manufacturing, IT and Israel’s defence industry”.