Microsoft Graph is becoming a popular target for hackers



Multiple hacking collectives have been actively using the Microsoft Graph API to hide their communications with command & control (C2) infrastructure hosted on Microsoft cloud services, cybersecurity researchers from Symantec's Threat Hunter Team have revealed.

The researchers claim that for two and a half years now, groups such as APT28, REF2924, Red Stinger, Flea, APT29, and Oilrig have been using this technique to remain out of sight. Among the targets is an unnamed organization from Ukraine, which was infected by a previously unknown malware variant dubbed BirdyClient.


