Graph: Growing number of threats leveraging Microsoft API


An increasing number of threats have begun to leverage the Microsoft Graph API, usually to facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services.

The technique was most recently used in an attack against an organization in Ukraine, where a previously undocumented piece of malware used the Graph API to leverage Microsoft OneDrive for C&C purposes.

Read more…
Source: Symantec


Sign up for our Newsletter


Related:

  • Graph: Growing number of threats leveraging Microsoft API

    May 2, 2024

    An increasing number of threats have begun to leverage the Microsoft Graph API, usually to facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services. The technique was most recently used in an attack against an organization in Ukraine, where a previously undocumented piece of malware used the Graph API to leverage Microsoft OneDrive for ...

  • CVE-2024-20697: Windows Libarchive Remote Code Execution Vulnerability

    April 17, 2024

    An integer overflow vulnerability exists in the Libarchive library included in Microsoft Windows. The vulnerability is due to insufficient bounds checks on the block length of a RARVM filter used for Intel E8 preprocessing, included in the compressed data of a RAR archive. A remote attacker could exploit this vulnerability by enticing a target user into ...

  • Microsoft’s April 2024 Patch Tuesday includes two actively exploited zero-day vulnerabilities

    April 11, 2024

    The April 2024 Patch Tuesday update includes patches for 149 Microsoft vulnerabilities and republishes 6 non-Microsoft CVEs. Three of those 149 vulnerabilities are listed as critical, and one is listed as actively exploited by Microsoft. Another vulnerability is claimed to be a zero-day by researchers that have found it to be used in the wild. Let’s ...

  • Microsoft employees exposed internal passwords in security lapse

    April 9, 2024

    Microsoft has resolved a security lapse that exposed internal company files and credentials to the open internet. Security researchers Can Yoleri, Murat Özfidan and Egemen Koçhisarlı with SOCRadar, a cybersecurity company that helps organizations find security weaknesses, discovered an open and public storage server hosted on Microsoft’s Azure cloud service that was storing internal information relating ...

  • New Gmail & M365 Warning As 2FA Security Bypass Hack Confirmed

    March 26, 2024

    The developers of a notorious 2FA account security bypass tool have launched an updated version of their ‘as-a-service’ kit that is targeting Microsoft 365 and Gmail account holders. Researchers from the Sekoia Threat Detection and Research team have published an in-depth analysis of Tycoon 2FA, a notorious adversary-in-the-middle kit, that is being distributed via cybercrime forums ...

  • Microsoft Announces Suspension of Cloud Services in Russia Amid EU Sanctions

    March 18, 2024

    Microsoft has announced that it will suspend access to its cloud services for companies based in Russia, effective March 20. This move comes as a direct response to the European Union’s 12th package of sanctions against Russia, specifically EU regulation 833/2014. The suspension includes a wide range of cloud-based products, significantly impacting Russian businesses that rely ...