"Microsoft Graph API Emerges as a Top Attacker Tool to Plot Data Theft"

Nation-state espionage actors are increasingly using native Microsoft services for their Command-and-Control (C2) needs. In recent years, several unrelated groups have realized that turning Microsoft's own services against their targets is cheaper and more effective than building and maintaining their own infrastructure, and that traffic to legitimate services blends in with a target's normal network activity. The Microsoft Graph Application Programming Interface (API) is especially attractive to attackers: developers use it to connect to email, calendar events, files, and other data across Microsoft cloud services, and, though harmless by itself, it lets attackers run C2 infrastructure on those same cloud services with little effort. For example, Symantec threat hunters recently discovered "BirdyClient," a new malware that connects to the Microsoft Graph API to upload and download files using OneDrive. This article continues to discuss threat actors' weaponization of Microsoft's services.
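The file-transfer channel described above leaves a recognizable footprint: drive-item content calls to graph.microsoft.com made by a process that has no business moving files. The detection heuristic below is an added illustration, not code from the article or from Symantec; the proxy log format, the sample log lines and the process allowlist are all constructed assumptions, while the `/drive/...:/content` endpoint shape is the real Graph API form for uploading and downloading file contents.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample proxy log lines (timestamp host process method url); not real data.
SAMPLE_LOG = """\
2024-05-02T10:01:12Z ws-17 OUTLOOK.EXE GET https://graph.microsoft.com/v1.0/me/messages
2024-05-02T10:03:44Z ws-17 svchost_upd.exe PUT https://graph.microsoft.com/v1.0/me/drive/root:/sync/ws-17.bin:/content
2024-05-02T10:03:50Z ws-17 svchost_upd.exe GET https://graph.microsoft.com/v1.0/me/drive/root:/sync/cmd.txt:/content
2024-05-02T10:05:01Z ws-22 OneDrive.exe PUT https://graph.microsoft.com/v1.0/me/drive/root:/Documents/report.docx:/content
2024-05-02T10:06:30Z ws-22 chrome.exe GET https://graph.microsoft.com/v1.0/me/calendar/events
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (GET|PUT|POST|PATCH|DELETE) (\S+)$")
# Graph drive-item content endpoint (/me/drive/..., /users/{id}/drive/..., /drives/{id}/...):
# the same upload/download channel the article says BirdyClient uses via OneDrive.
DRIVE_CONTENT_RE = re.compile(
    r"^https://graph\.microsoft\.com/v1\.0/(?:[^?]*/)?drives?/[^?]*:/content$"
)
# Hypothetical allowlist of processes expected to move files through Graph in this environment.
EXPECTED_PROCESSES = {"onedrive.exe", "outlook.exe", "teams.exe", "excel.exe", "winword.exe"}


@dataclass(frozen=True)
class Alert:
    host: str
    process: str
    direction: str  # "upload" or "download"
    path: str       # drive-relative path of the file being moved


def classify(method: str, url: str) -> Optional[str]:
    """Return 'upload' or 'download' for drive-item content calls, else None."""
    if not DRIVE_CONTENT_RE.match(url):
        return None
    return "upload" if method in ("PUT", "POST") else "download"


def find_graph_c2_candidates(log_text: str) -> list:
    """Flag Graph file uploads/downloads made by processes outside the allowlist."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the constructed format
        _ts, host, proc, method, url = m.groups()
        direction = classify(method, url)
        if direction and proc.lower() not in EXPECTED_PROCESSES:
            path = url.split("root:", 1)[-1].removesuffix(":/content")
            alerts.append(Alert(host, proc, direction, path))
    return alerts
```

Run against the constructed log, only the two calls from the unexpected `svchost_upd.exe` process are flagged; OneDrive's own upload and the mail and calendar reads pass untouched, which is the point of baselining which processes legitimately talk to Graph.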

Dark Reading reports "Microsoft Graph API Emerges as a Top Attacker Tool to Plot Data Theft"

Submitted by grigby1