Graph: Growing number of threats leveraging Microsoft API


An increasing number of threats have begun to leverage the Microsoft Graph API, usually to facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services.

The technique was most recently used in an attack against an organization in Ukraine, where a previously undocumented piece of malware used the Graph API to leverage Microsoft OneDrive for C&C purposes.

Source: Symantec

