August 7, 2024 at 06:57AM
An unnamed media organization in South Asia was targeted with a previously undocumented Go-based backdoor called GoGra, which uses the Microsoft Graph API as its command-and-control (C&C) channel. Several other new malware families use the same approach, suggesting that threat actors are increasingly routing their operations through legitimate cloud services so that C&C traffic blends in with ordinary, already-permitted business traffic.
The broader takeaway is a growing trend among threat actors of conducting cyber espionage over legitimate cloud services, seen in GoGra and in the newer Grager, MoonTag, and Onedrivetools backdoors and data exfiltration tools. Rather than talking to attacker-controlled infrastructure, these families use a cloud service as the C&C endpoint: Microsoft mail services and OneDrive are reached through the Microsoft Graph API, and Google Drive is used in the same role. The report also observes that threat actors copy techniques that have worked for others, so more families of this kind should be expected. Because the destinations are hosts most organizations already trust and allow, defenders cannot rely on blocking unknown infrastructure and instead need to understand and mitigate the risks of cloud-based C&C and exfiltration.
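The defensive hook in the passage is that every one of these tools talks to an ordinary cloud API endpoint, so the anomaly is not the destination but which process is calling it and how regularly. The following Python is an added example, not code from the original report or from any of the named malware families. It runs two checks over constructed Sysmon-style network events: it flags processes outside an allowlist of first-party clients that contact Graph, Microsoft identity, or Google Drive API hosts, and it flags (process, host) pairs whose connection timestamps show a low-jitter cadence, which is what a polling backdoor looks like in telemetry. The host list, the allowlist, the JSON field names, and the sample log are all assumptions made for this example.

```python
import json
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Public API hosts behind the services the report names as abused C&C channels.
# The host list and the descriptions are assumptions for this example.
CLOUD_API_HOSTS = {
    "graph.microsoft.com": "Microsoft Graph (Outlook mail, OneDrive)",
    "login.microsoftonline.com": "Microsoft identity platform (OAuth tokens)",
    "www.googleapis.com": "Google Drive API",
    "oauth2.googleapis.com": "Google OAuth token endpoint",
}

# First-party clients expected to call those hosts (assumed allowlist; tune per estate).
EXPECTED_CLIENTS = {
    "outlook.exe", "onedrive.exe", "ms-teams.exe", "teams.exe",
    "winword.exe", "excel.exe", "powerpnt.exe",
    "msedge.exe", "chrome.exe", "firefox.exe",
}

# Constructed telemetry in a Sysmon-like shape: one JSON object per line with the
# originating image path, resolved destination host, user and timestamp.
SAMPLE_LOG = r"""
{"time": "2024-08-01T09:00:03", "user": "CORP\\alice", "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE", "dest_host": "graph.microsoft.com"}
{"time": "2024-08-01T09:00:00", "user": "CORP\\alice", "image": "C:\\Users\\Public\\Libraries\\update.exe", "dest_host": "login.microsoftonline.com"}
{"time": "2024-08-01T09:00:01", "user": "CORP\\alice", "image": "C:\\Users\\Public\\Libraries\\update.exe", "dest_host": "graph.microsoft.com"}
{"time": "2024-08-01T09:01:01", "user": "CORP\\alice", "image": "C:\\Users\\Public\\Libraries\\update.exe", "dest_host": "graph.microsoft.com"}
{"time": "2024-08-01T09:02:01", "user": "CORP\\alice", "image": "C:\\Users\\Public\\Libraries\\update.exe", "dest_host": "graph.microsoft.com"}
{"time": "2024-08-01T09:03:01", "user": "CORP\\alice", "image": "C:\\Users\\Public\\Libraries\\update.exe", "dest_host": "graph.microsoft.com"}
{"time": "2024-08-01T09:02:40", "user": "CORP\\bob", "image": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe", "dest_host": "www.googleapis.com"}
{"time": "2024-08-01T09:05:00", "user": "CORP\\bob", "image": "C:\\Windows\\System32\\svchost.exe", "dest_host": "update.example.net"}
"""


def process_name(image: str) -> str:
    """Basename of an image path, lower-cased, accepting either path separator."""
    return image.replace("\\", "/").rsplit("/", 1)[-1].lower()


def analyze(lines, min_beacons=4, max_jitter_ratio=0.2):
    """Return findings for (a) non-allowlisted processes contacting cloud API hosts and
    (b) (process, host) pairs whose connections recur on a regular cadence.
    Each finding is a dict with a 'type' key; output order is deterministic."""
    findings = []
    seen_pairs = set()
    timeline = defaultdict(list)
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        ev = json.loads(raw)
        host = ev.get("dest_host", "").lower()
        if host not in CLOUD_API_HOSTS:
            continue  # not one of the cloud services in scope
        proc = process_name(ev["image"])
        timeline[(proc, host)].append(datetime.fromisoformat(ev["time"]))
        if proc not in EXPECTED_CLIENTS and (proc, host) not in seen_pairs:
            seen_pairs.add((proc, host))
            findings.append({
                "type": "unexpected_client",
                "process": proc, "host": host, "user": ev.get("user", "?"),
                "service": CLOUD_API_HOSTS[host],
            })
    for (proc, host), stamps in timeline.items():
        if len(stamps) < min_beacons:
            continue
        stamps.sort()
        deltas = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(deltas)
        # Several connections with low relative jitter look like a fixed polling loop.
        if avg > 0 and pstdev(deltas) / avg <= max_jitter_ratio:
            findings.append({
                "type": "regular_polling", "process": proc, "host": host,
                "interval_s": round(avg, 1), "count": len(stamps),
            })
    return findings


def analyze_text(text: str):
    """Convenience wrapper: run analyze() over newline-separated JSON records."""
    return analyze(text.splitlines())


if __name__ == "__main__":
    for finding in analyze_text(SAMPLE_LOG):
        print(finding)
```

On the constructed sample the allowlisted Outlook and Edge connections are ignored, the unsigned-looking `update.exe` under a user-writable path is reported once per host it contacts, and its four Graph connections at 60-second spacing are reported as regular polling. In production the allowlist should be keyed on signer and full path rather than basename alone, since a basename is trivial for malware to spoof, and the cadence check works best over a longer window than the few minutes shown here.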