Graph: Growing number of threats leveraging Microsoft API
May 3, 2024, 9:47 a.m.
Description
An increasing number of cyber threats have adopted the use of the Microsoft Graph API to facilitate covert communications with command-and-control infrastructure hosted on Microsoft cloud services. This technique helps attackers blend in with legitimate traffic to cloud platforms and obtain infrastructure at low cost.
Date
Published: May 3, 2024, 9:05 a.m.
Created: May 3, 2024, 9:05 a.m.
Modified: May 3, 2024, 9:47 a.m.
Indicators
Attack Patterns
Bluelight
BirdyClient
Graphon
SiestaGraph
Graphite
Graphican
Ketrican
T1573
T1071
T1102
T1132
T1041
T1566