An increasing number of threats have begun to leverage the Microsoft Graph API, usually to facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services.
The technique was most recently used in an attack against an organization in Ukraine, where a previously undocumented piece of malware used the Graph API to leverage Microsoft OneDrive for C&C purposes.
Read more…
Source: Symantec
Related:
- TA422’s Dedicated Exploitation Loop – the Same Week After Week
December 5, 2023
Starting in March 2023, Proofpoint researchers have observed the Russian advanced persistent threat (APT) TA422 readily use patched vulnerabilities to target a variety of organizations in Europe and North America. TA422 overlaps with the aliases APT28, Forest Blizzard, Pawn Storm, Fancy Bear, and BlueDelta, and is attributed by the United States Intelligence Community to the Russian ...
- Update now! Microsoft patches 3 actively exploited zero-days
November 15, 2023
Another important update round for this month’s Patch Tuesday. Microsoft has patched a total of 63 vulnerabilities in its operating systems. Five of these vulnerabilities qualify as zero-days, with three listed as being actively exploited. Microsoft considers a vulnerability to be a zero-day if it is publicly disclosed or actively exploited with no official fix available. ...
- In-depth analysis of July 2023 exploit chain featuring CVE-2023-36884 and CVE-2023-36584
November 13, 2023
During their analysis of a July 2023 campaign targeting groups supporting Ukraine’s admission into NATO, Unit 42 researchers discovered a new vulnerability for bypassing Microsoft’s Mark-of-the-Web (MotW) security feature. This activity has been attributed by the community to the pro-Russian APT group known as Storm-0978 (also known as the RomCom Group, in reference to their use ...
- Microsoft to help Australia’s cyber spies amid $5bn investment in cloud computing
October 23, 2023
Microsoft says it will invest an additional $5bn in Australia over the next two years to expand hyperscale cloud computing capacity while collaborating with the Australian Signals Directorate (ASD) to boost domestic protection from cyber threats. Anthony Albanese confirmed the new investment on the opening day of his state visit to the United States during an ...
- R2R stomping – are you ready to run?
October 9, 2023
What if we told you that the reality you perceive with your very own eyes is not always what it seems? That the .NET code you witness executing within your beloved managed debugger, such as dnSpy/dnSpyEx, may not necessarily be the same code that operates outside of its bounds? .NET application startup time and latency ...
- Microsoft AI researchers accidentally exposed terabytes of internal sensitive data
September 18, 2023
Microsoft AI researchers accidentally exposed tens of terabytes of sensitive data, including private keys and passwords, while publishing a storage bucket of open source training data on GitHub. In research shared with TechCrunch, cloud security startup Wiz said it discovered a GitHub repository belonging to Microsoft’s AI research division as part of its ongoing work ...