Threats Tagged 'microsoft graph api'

The Harvester APT group has developed a new Linux version of its GoGra backdoor that uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command-and-control channel. The malware employs social engineering lures with tailored decoy documents, masquerading malicious ELF files as standard documents. Initial VirusTotal submissions originated from India and Afghanistan, indicating these regions as primary targets. The backdoor uses hardcoded Azure AD credentials to poll a specific mailbox folder at two-second intervals, executing commands received via encrypted emails and exfiltrating results through reply messages. Analysis confirms this Linux variant shares nearly identical code with a previously known Windows version, including matching spelling errors, demonstrating Harvester's multi-platform development strategy and continued focus on South Asian espionage operations.

The Harvester APT group has developed a highly-evasive Linux version of its GoGra backdoor that leverages Microsoft Graph API and Outlook mailboxes as a covert command-and-control channel to bypass traditional network defenses. Initial VirusTotal submissions originated from India and Afghanistan, indicating these regions as primary targets. The attackers use social engineering with tailored decoy documents masquerading as legitimate files, including references to Indian food delivery services. The backdoor uses hardcoded Azure AD credentials to poll mailboxes every two seconds, executing commands received via email and exfiltrating results back to operators. Analysis confirms this Linux variant shares nearly identical code with a previously known Windows version, including matching spelling errors, demonstrating the group's multi-platform development strategy and continued expansion of capabilities targeting South Asia for espionage purposes.

MediumMalwareIndiaAfghanistan#graphon#south asia espionage#cross-platform