Espionage Groups Exploit Microsoft Services for Stealthy Cyberattacks
May 2, 2024
Nation-state espionage increasingly exploits Microsoft services for stealthy command-and-control activities.
Hackers find Microsoft services such as the Microsoft Graph API cost-effective, and their use of them is camouflaged within normal traffic.
Malware families including BirdyClient, Bluelight, Backdoor.Graphon, Graphite, and SiestaGraph have been identified leveraging the Microsoft Graph API for command and control.
Notable attacking groups include APT37, Harvester, APT15, and Cozy Bear.
Organizations are advised to monitor for unauthorized cloud accounts and verify connections to their authorized cloud services to mitigate risks.
Nate Nelson, a New York City-based freelance writer and cybersecurity reporter, has highlighted these security concerns.
Summary based on 1 source
Source
Dark Reading • May 1, 2024
Microsoft Graph API Emerges as a Top Attacker Tool to Plot Data Theft