Since February 2022, Plaid Rain (formerly POLONIUM) has been observed primarily targeting organizations in Israel with a focus on critical manufacturing, IT, and Israel’s defense industry. Microsoft assessed with moderate confidence that Plaid Rain is coordinating its operations with multiple tracked actor groups affiliated with Iran’s Ministry of Intelligence and Security (MOIS), based on victim overlap and the common techniques and tooling. In June, Microsoft reported that threat teams successfully detected and disabled attack activity abusing OneDrive. Microsoft suspended more than 20 malicious OneDrive applications created by Plaid Rain actors, notified affected organizations, and deployed a series of security intelligence updates that will quarantine tools developed by Plaid Rain operators.