Graph: Growing number of threats leveraging Microsoft API


An increasing number of threats have begun to leverage the Microsoft Graph API, usually to facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services.

The technique was most recently used in an attack against an organization in Ukraine, where a previously undocumented piece of malware used the Graph API to leverage Microsoft OneDrive for C&C purposes.

Read more…
Source: Symantec


Sign up for our Newsletter


Related:

  • Outlook.com hack much worse than initially thought

    April 15, 2019

    A hack that Microsoft said affected “some” of its users’ email accounts is much worse than initially thought, according to reports. On Saturday, the company confirmed that some users of its email services had been targeted by hackers. But the issue is thought to be much worse than previously reported as the hackers were able to ...

  • Hackers Compromise Microsoft Support Agent to Access Outlook Email Accounts

    April 13, 2019

    If you have an account with Microsoft Outlook email service, there is a possibility that your account information has been compromised by an unknown hacker or group of hackers, Microsoft confirmed The Hacker News. Earlier this year, hackers managed to breach Microsoft’s customer support portal and access information related to some email accounts registered with the ...

  • Microsoft Edge and Internet Explorer Zero-Days Allow Access to Confidential Session Data

    April 2, 2019

    On March 30th, security researcher James Lee disclosed information on two zero-day vulnerabilities present in current versions of Microsoft Edge and Internet Explorer. These vulnerabilities make it possible for confidential information to be shared between websites. A flaw in the same-origin policy for these web browsers, called an Origin Validation Error (CWE-346), allows JavaScript embedded in a malicious ...

  • The fourth horseman: CVE-2019-0797 vulnerability

    March 13, 2019

    The new zero-day in the Windows OS exploited in targeted attacks In February 2019, our Automatic Exploit Prevention (AEP) systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system. Further analysis of this event led to us discovering a zero-day vulnerability in win32k.sys. We reported it to Microsoft on February 22, 2019. ...

  • GandCrab ransomware and Ursnif virus spreading via MS Word macros

    January 21, 2019

    Security researchers have discovered two separate malware campaigns, one of which is distributing the Ursnif data-stealing trojan and the GandCrab ransomware in the wild, whereas the second one is only infecting victims with Ursnif malware. Though both malware campaigns appear to be a work of two separate cybercriminal groups, we find many similarities in them. Both attacks start from phishing ...

  • LCG Kit: Sophisticated builder for Malicious Microsoft Office Documents

    December 13, 2018

    Proofpoint researchers discovered “LCG Kit,” a weaponized document builder service, in March 2018.  Since we began tracking LCG Kit, we have observed it using the Microsoft Equation Editor CVE-2017-11882 , which has been used used in limited email campaigns. ...