Graph: Growing number of threats leveraging Microsoft API


An increasing number of threats have begun to leverage the Microsoft Graph API, usually to facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services.

The technique was most recently used in an attack against an organization in Ukraine, where a previously undocumented piece of malware used the Graph API to leverage Microsoft OneDrive for C&C purposes.

Read more…
Source: Symantec


Sign up for our Newsletter


Related:

  • A patched Windows attack surface is still exploitable

    March 14, 2024

    On August 8, 2023, Microsoft finally released a kernel patch for a class of vulnerabilities affecting Microsoft Windows since 2015. The vulnerabilities lead to elevation of privilege (EoP), which allows an account with user rights to gain SYSTEM privileges on a vulnerable host. The root cause of this attack surface, according to a 2015 blog, is ...

  • CVE-2024-21412: DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign

    March 13, 2024

    The Zero Day Initiative (ZDI) recently uncovered a DarkGate campaign in mid-January 2024, which exploited CVE-2024-21412 through the use of fake software installers. During this campaign, users were lured using PDFs that contained Google DoubleClick Digital Marketing (DDM) open redirects that led unsuspecting victims to compromised sites hosting the Microsoft Windows SmartScreen bypass CVE-2024-21412 that led ...

  • EU’s use of Microsoft 365 found to breach data protection rules

    March 11, 2024

    A lengthy investigation into the European Union’s use of Microsoft 365 has found the Commission breached the bloc’s data protection rules through its use of the cloud-based productivity software. Announcing its decision in a press release today, the European Data Protection Supervisor (EDPS) said the Commission infringed “several key data protection rules when using Microsoft 365”. Read ...

  • Microsoft admits Russian state hack still not contained

    March 9, 2024

    Microsoft said Friday it’s still trying to evict the elite Russian government hackers who broke into the email accounts of senior company executives in November and who it said have been trying to breach customer networks with stolen access data. The hackers from Russia’s SVR foreign intelligence service used data obtained in the intrusion, which it ...

  • Microsoft Exchange vulnerability actively exploited

    February 16, 2024

    As it turns out, there was another actively exploited vulnerability included in Microsoft’s patch Tuesday updates for February. When Microsoft said in its update guide for CVE-2024-21410 that the vulnerability was likely to be exploited by attackers, they weren’t kidding. Soon after they changed the status to “Exploitation Detected”. The Exchange vulnerability is listed in the ...

  • The Risks Of The #Monikerlink Bug In Microsoft Outlook And The Big Picture

    February 14, 2024

    Recently, Check Point Research released a white paper titled “The Obvious, the Normal, and the Advanced: A Comprehensive Analysis of Outlook Attack Vectors”, detailing various attack vectors on Outlook to help the industry understand the security risks the popular Outlook app may bring into organizations. As mentioned in the paper, Check Point researches discovered an interesting ...