Hackers are using Microsoft OneDrive in a multi-stage espionage campaign aimed at high-ranking government officials in Western Asia, according to a new report from Trellix.
Researchers with Trellix named the malware involved “Graphite” because it uses Microsoft’s Graph API to leverage OneDrive as a command and control server. The attack takes advantage of an MSHTML remote code execution vulnerability (CVE-2021-40444) to execute a malicious executable in memory, according to Trellix.
“As seen in the analysis of the Graphite malware, one quite innovative functionality is the use of the OneDrive service as a Command and Control through querying the Microsoft Graph API with a hardcoded token in the malware.
Read more…
Source: ZDNet