New GoGra malware for Linux uses Microsoft Graph API for comms
Summary
A new Linux variant of the GoGra backdoor has been identified that uses Microsoft's Graph API and an Outlook mailbox for command and control (C2). Because the C2 traffic is ordinary HTTPS to Microsoft's Graph endpoints, it blends in with legitimate Microsoft 365 activity and is hard for network security controls to distinguish from normal traffic. The malware reads its instructions from a legitimate Outlook inbox and uses the same mailbox to deliver payloads.
IFF Assessment
The use of legitimate infrastructure such as the Microsoft Graph API and Outlook makes it harder for defenders to separate malicious activity from normal traffic: the C2 destination is a trusted Microsoft domain, so domain and IP reputation, blocklists and network signatures have little to work with, and the malicious behaviour is visible only in how the mailbox is used.
Defender Context
Defenders should expect malware that abuses legitimate cloud services for C2, since signature-based network detection has little to match on when the traffic is TLS to a trusted Microsoft endpoint. The useful telemetry is on the identity and application side: Entra ID sign-in logs, Microsoft Graph activity logs and mailbox audit events can reveal a client that polls an inbox at a machine-regular cadence, an unexpected application or user-agent reading mail, or mail sent from a mailbox that should never be automated. On a Linux host, outbound connections to graph.microsoft.com from a process that is not a known mail client are also worth a look. The trend reinforces the need for behavioural analysis and cloud security posture management, for example restricting which applications can be granted mail permissions, rather than relying on network indicators alone.
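As an added example (not from the original report and not GoGra's own code), the following Python sketches the kind of behavioural check described above: it groups Microsoft Graph activity records by client (AppId plus source IP) and flags clients that poll a mailbox at a machine-regular cadence and also send mail through Graph. The log records are constructed inline; the field names follow the shape of the MicrosoftGraphActivityLogs table, but every value (app IDs, IP addresses, user-agent strings, timestamps) is invented for the sample and is not an indicator for GoGra. The thresholds MIN_POLLS and MAX_JITTER are assumptions to tune against your own baseline.

```python
"""
Beacon-style detection over (constructed) Microsoft Graph activity log records.

Heuristic: a single client that repeatedly reads a mailbox at a regular cadence
and also sends mail from it looks like a mail-based C2 channel rather than a
person using a mail client. Network signatures cannot see this; the Graph logs can.
"""
import json
import statistics
from collections import defaultdict
from datetime import datetime, timedelta, timezone

MIN_POLLS = 6       # assumed: fewer inbox reads than this is too little to judge cadence
MAX_JITTER = 0.2    # assumed: stdev/mean of inter-poll gaps below this is "machine-regular"
MAILBOX_READ = "/mailfolders/inbox/messages"
MAIL_SEND = "/sendmail"

# Known interactive mail clients; an unrecognised User-Agent is only a weak extra signal.
KNOWN_CLIENT_UA_PREFIXES = ("Microsoft Office/", "Outlook-iOS/", "Outlook-Android/")


def _record(ts, method, uri, ua, app_id, ip, status=200):
    """Build one constructed log record shaped like a MicrosoftGraphActivityLogs row."""
    return json.dumps({
        "TimeGenerated": ts.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "RequestMethod": method,
        "RequestUri": uri,
        "UserAgent": ua,
        "AppId": app_id,
        "IPAddress": ip,
        "ResponseStatusCode": status,
    })


def build_sample_logs():
    """Constructed sample: one script-like poller plus one interactive user. All values invented."""
    base = datetime(2025, 6, 1, 9, 0, 0, tzinfo=timezone.utc)
    inbox = "https://graph.microsoft.com/v1.0/me/mailFolders/inbox/messages?$top=10"
    send = "https://graph.microsoft.com/v1.0/me/sendMail"
    lines = []
    # Suspicious client: reads the inbox every ~60 s with tiny jitter and posts replies.
    bot_ua = "Go-http-client/1.1"  # invented for the sample, not a known GoGra indicator
    for off in (0, 60, 121, 180, 241, 300, 360, 419, 480, 540):
        lines.append(_record(base + timedelta(seconds=off), "GET", inbox, bot_ua, "app-1111", "203.0.113.7"))
    for off in (122, 242):
        lines.append(_record(base + timedelta(seconds=off), "POST", send, bot_ua, "app-1111", "203.0.113.7"))
    # Benign client: bursty, irregular access from a desktop Outlook build, one outbound mail.
    outlook_ua = "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.17328)"
    for off in (0, 15, 900, 905, 3600, 3602, 7200):
        lines.append(_record(base + timedelta(seconds=off), "GET", inbox, outlook_ua, "app-2222", "198.51.100.23"))
    lines.append(_record(base + timedelta(seconds=910), "POST", send, outlook_ua, "app-2222", "198.51.100.23"))
    return lines


def _parse(line):
    rec = json.loads(line)
    rec["_ts"] = datetime.strptime(rec["TimeGenerated"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return rec


def detect_mail_c2(log_lines):
    """Return one finding per (AppId, IPAddress) that polls a mailbox on a
    machine-regular cadence and also sends mail through Graph."""
    groups = defaultdict(list)
    for line in log_lines:
        rec = _parse(line)
        groups[(rec["AppId"], rec["IPAddress"])].append(rec)

    findings = []
    for (app_id, ip), recs in groups.items():
        recs.sort(key=lambda r: r["_ts"])
        reads = [r["_ts"] for r in recs
                 if r["RequestMethod"] == "GET" and MAILBOX_READ in r["RequestUri"].lower()]
        sends = [r for r in recs
                 if r["RequestMethod"] == "POST" and MAIL_SEND in r["RequestUri"].lower()]
        if len(reads) < MIN_POLLS or not sends:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(reads, reads[1:])]
        mean_gap = statistics.mean(gaps)
        jitter = statistics.pstdev(gaps) / mean_gap if mean_gap else float("inf")
        if jitter > MAX_JITTER:
            continue  # irregular, human-looking access pattern
        ua = recs[0]["UserAgent"]
        findings.append({
            "AppId": app_id,
            "IPAddress": ip,
            "polls": len(reads),
            "mean_poll_seconds": round(mean_gap, 1),
            "jitter": round(jitter, 3),
            "sends": len(sends),
            "unknown_client": not ua.startswith(KNOWN_CLIENT_UA_PREFIXES),
        })
    return findings


if __name__ == "__main__":
    for finding in detect_mail_c2(build_sample_logs()):
        print(finding)
```

Against the constructed sample, only the regular poller is reported (10 inbox reads at a mean gap of 60 s with near-zero jitter, plus 2 sends, from a user-agent outside the allow-list); the bursty Outlook user is skipped because its inter-read gaps vary by orders of magnitude. In production the same logic would run over Log Analytics exports, and the user-agent list and thresholds would be tuned to the tenant's real clients.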