Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications

[silversurfer]

Content source

https://thehackernews.com/2024/05/hackers-increasingly-abusing-microsoft.html

Threat actors have been increasingly weaponizing Microsoft Graph API for malicious purposes with the aim of evading detection.

This is done to "facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News.

"Attacker communications with C&C servers can often raise red flags in targeted organizations," Symantec said. "The Graph API's popularity among attackers may be driven by the belief that traffic to known entities, such as widely used cloud services, is less likely to raise suspicions.
"In addition to appearing inconspicuous, it is also a cheap and secure source of infrastructure for attackers since basic accounts for services like OneDrive are free."