Nation-state espionage increasingly exploits Microsoft services for stealthy command-and-control activities.

Hackers find using Microsoft's services such as Microsoft Graph API cost-effective and camouflaged within normal traffic.

Malware like BirdyClient, Bluelight, Backdoor.Graphon, Graphite, and SiestaGraph are identified leveraging Microsoft Graph API for control.

Notable attacking groups include APT37, Harvester, APT15, and Cozy Bear.

Organizations are advised to monitor for unauthorized cloud accounts and verify connections to their authorized cloud services to mitigate risks.

Nate Nelson, a New York City-based freelance writer and cybersecurity reporter, has highlighted these security concerns.