Set country to LB instead of IR based on operational activity.

This commit is contained in:
Thomas Dupuy 2022-07-12 16:21:41 +00:00
parent 1a8835bcae
commit 90da0d798f

View file

@ -9547,7 +9547,7 @@
"description": "Microsoft successfully detected and disabled attack activity abusing OneDrive by a previously undocumented Lebanon-based activity group Microsoft Threat Intelligence Center (MSTIC) tracks as POLONIUM.", "description": "Microsoft successfully detected and disabled attack activity abusing OneDrive by a previously undocumented Lebanon-based activity group Microsoft Threat Intelligence Center (MSTIC) tracks as POLONIUM.",
"meta": { "meta": {
"attribution-confidence": "75", "attribution-confidence": "75",
"cfr-suspected-state-sponsor": "Iran", "cfr-suspected-state-sponsor": "Lebanon",
"cfr-suspected-victims": [ "cfr-suspected-victims": [
"Israel" "Israel"
], ],
@ -9562,7 +9562,7 @@
"Transportation systems" "Transportation systems"
], ],
"cfr-type-of-incident": "Espionage", "cfr-type-of-incident": "Espionage",
"country": "IR", "country": "LB",
"refs": [ "refs": [
"https://www.microsoft.com/security/blog/2022/06/02/exposing-polonium-activity-and-infrastructure-targeting-israeli-organizations/" "https://www.microsoft.com/security/blog/2022/06/02/exposing-polonium-activity-and-infrastructure-targeting-israeli-organizations/"
] ]