Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications

May 3, 2024 at 09:57AM Threat actors are increasingly using Microsoft Graph API for malicious purposes to evade detection, enabling communication with command-and-control (C&C) infrastructure on Microsoft cloud services. Symantec uncovered instances of nation-state-aligned hacking groups using this method, including the deployment of previously undocumented malware called BirdyClient. The popularity of Graph API among attackers … Read more

Microsoft Graph API Emerges as a Top Attacker Tool to Plot Data Theft

May 2, 2024 at 06:08AM Nation-state espionage is increasingly using Microsoft’s services for their command-and-control needs, finding it more economical and effective than maintaining their own infrastructure. For example, Symantec discovered “BirdyClient,” a malware leveraging Microsoft Graph to operate through OneDrive. Multiple groups, including APT37 and Cozy Bear, have used this technique, requiring organizations to … Read more