Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API

Summary

A threat actor named Harvester is using a new Linux version of its GoGra backdoor to target entities in South Asia. The malware abuses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command-and-control (C2) channel, so its traffic blends in with ordinary Microsoft 365 activity and evades standard network defenses.

IFF Assessment

FOE

The use of legitimate services like Microsoft Graph API and Outlook for C2 operations makes it harder for defenders to detect and block malicious activity.

Defender Context

This attack highlights the increasing sophistication of threat actors who route C2 through legitimate cloud services, where malicious requests are indistinguishable from normal tenant traffic at the network perimeter. Defenders should focus on detecting anomalies in Graph API usage and mailbox access that deviate from normal patterns (for example, a non-interactive client reading the same mailbox on a fixed schedule), rather than relying solely on traditional perimeter security.
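As an added illustration of the anomaly detection this section recommends (example code written for this page, not from the original report), the snippet below scans mail-access events for a client that reads one mailbox at evenly spaced intervals, the polling pattern a mailbox-based C2 channel produces. The event schema, client names and mailbox address are constructed assumptions, not a real tenant log format.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

BASE = datetime(2024, 8, 1, 9, 0, 0)

def _event(offset_s, app, mailbox):
    """Build one constructed mail-access event (schema is assumed, not Microsoft's)."""
    return {"ts": (BASE + timedelta(seconds=offset_s)).strftime("%Y-%m-%dT%H:%M:%SZ"),
            "app": app, "mailbox": mailbox, "operation": "MailItemsAccessed"}

# Constructed sample events (not real logs): one client polls a shared mailbox
# every ~60 s with small jitter; a second client shows human-paced reads.
SAMPLE_EVENTS = (
    [_event(60 * i + (i % 3), "svc-client-01", "shared@example.test") for i in range(8)]
    + [_event(o, "outlook-desktop", "shared@example.test") for o in (0, 410, 1520, 1700, 5000)]
)

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

def find_periodic_pollers(events, min_hits=5, max_jitter=0.2):
    """Return {(app, mailbox): mean_interval_s} for clients whose access
    timestamps are evenly spaced (coefficient of variation <= max_jitter)."""
    series = defaultdict(list)
    for e in events:
        if e.get("operation") == "MailItemsAccessed":
            series[(e["app"], e["mailbox"])].append(parse_ts(e["ts"]))
    flagged = {}
    for key, times in series.items():
        if len(times) < min_hits:
            continue  # too few reads to call a pattern
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Low relative spread between reads = machine-timed polling, not a human.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            flagged[key] = round(avg, 1)
    return flagged

if __name__ == "__main__":
    for (app, mbx), interval in find_periodic_pollers(SAMPLE_EVENTS).items():
        print(f"beacon-like mailbox polling: {app} -> {mbx} every ~{interval}s")
```

Tune `min_hits` and `max_jitter` against a baseline of known service accounts before alerting, since legitimate mail-sync jobs also poll on a schedule and must be allow-listed rather than flagged.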
