ONE Sentinel

Security / Threats / High

Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API

Source: The Hacker News
April 22, 2026
2 min read

EXECUTIVE SUMMARY

Harvester's Linux GoGra Backdoor Exploits Microsoft Graph API in South Asia

Summary

The article discusses a new Linux version of the GoGra backdoor deployed by the threat actor Harvester, targeting entities in South Asia. The malware uses the Microsoft Graph API and Outlook mailboxes for command-and-control (C2) operations.

Key Points

  • Harvester is the threat actor responsible for deploying the Linux GoGra backdoor.
  • The malware targets entities in South Asia.
  • It uses the Microsoft Graph API and Outlook mailboxes as a covert C2 channel.
  • This approach allows the malware to bypass traditional perimeter network defenses.
  • Symantec and Carbon Black Threat Hunter are the sources attributing this activity to Harvester.

Analysis

Harvester's deployment of the Linux GoGra backdoor illustrates a sophisticated tactic: abusing a legitimate service, the Microsoft Graph API, for command and control. Because the C2 traffic is carried by a trusted Microsoft service, it blends in with normal activity and evades traditional security measures, posing a significant threat to targeted organizations in South Asia. Using legitimate services for C2 is a growing trend among threat actors, which underscores the need for more advanced threat detection mechanisms.

Conclusion

IT professionals should strengthen their defenses by deploying advanced threat detection solutions capable of identifying and mitigating threats that abuse legitimate services for malicious activity. Regular monitoring and analysis of network traffic for anomalies is recommended.
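One concrete form of the anomaly monitoring recommended above is to look for beacon-like, evenly spaced requests to graph.microsoft.com from hosts (especially headless Linux servers) that have no business reason to poll mailboxes. The following is an added illustration written for this summary; it is not code from the article, from Symantec or Carbon Black, or from the GoGra malware. The proxy log format, host names, timestamps and the thresholds (`min_requests`, `max_cv`) are constructed assumptions, and the script flags hosts whose inter-request gaps are nearly constant, which is a common property of scheduled C2 polling regardless of which mailbox paths are used.

```python
"""Beacon-style detection for Microsoft Graph API traffic in proxy logs.

Added example for the ONE Sentinel summary; not the article's, Symantec's or
the malware's code. Log format, hosts and thresholds are constructed.
"""
from collections import defaultdict
from datetime import datetime
import re
import statistics

# Constructed sample proxy log: "<ISO timestamp> <src_host> <os> <dest_host> <path>"
# web-01 polls an inbox every ~5 minutes (beacon-like); laptop-07 is a user
# browsing mail/calendar at irregular times; db-02 never touches Graph.
SAMPLE_LOG = """\
2026-04-20T08:00:00 web-01 linux graph.microsoft.com /v1.0/me/mailFolders/inbox/messages
2026-04-20T08:05:01 web-01 linux graph.microsoft.com /v1.0/me/mailFolders/inbox/messages
2026-04-20T08:10:00 web-01 linux graph.microsoft.com /v1.0/me/mailFolders/inbox/messages
2026-04-20T08:14:59 web-01 linux graph.microsoft.com /v1.0/me/sendMail
2026-04-20T08:20:01 web-01 linux graph.microsoft.com /v1.0/me/mailFolders/inbox/messages
2026-04-20T08:01:13 laptop-07 windows graph.microsoft.com /v1.0/me/calendar
2026-04-20T09:47:02 laptop-07 windows graph.microsoft.com /v1.0/me/messages
2026-04-20T11:03:55 laptop-07 windows graph.microsoft.com /v1.0/me/drive/root
2026-04-20T08:03:00 db-02 linux updates.example.com /packages/list
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+)$")
GRAPH_HOST = "graph.microsoft.com"


def parse_log(text):
    """Parse the constructed log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than failing the whole run
        ts, host, os_name, dest, path = m.groups()
        events.append({
            "ts": datetime.fromisoformat(ts),
            "host": host,
            "os": os_name,
            "dest": dest,
            "path": path,
        })
    return events


def find_graph_beacons(events, min_requests=4, max_cv=0.1, linux_only=False):
    """Return hosts whose Graph API requests look like periodic beaconing.

    A host is flagged when it made at least `min_requests` Graph requests and
    the coefficient of variation (stdev / mean) of the gaps between them is at
    or below `max_cv`; human-driven traffic has highly variable gaps, while
    scheduled polling does not. `linux_only` narrows the hunt to Linux hosts,
    which rarely have a legitimate reason to poll Outlook mailboxes.
    """
    by_host = defaultdict(list)
    for e in events:
        if e["dest"] != GRAPH_HOST:
            continue
        if linux_only and e["os"] != "linux":
            continue
        by_host[e["host"]].append(e)

    findings = []
    for host, evs in by_host.items():
        if len(evs) < min_requests:
            continue
        times = sorted(e["ts"] for e in evs)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean_gap = statistics.mean(gaps)
        if mean_gap == 0:
            continue  # bursts with identical timestamps are a different signal
        cv = statistics.pstdev(gaps) / mean_gap
        if cv <= max_cv:
            findings.append({
                "host": host,
                "os": evs[0]["os"],
                "requests": len(evs),
                "mean_gap_s": round(mean_gap, 1),
                "cv": round(cv, 3),
                # Mailbox-related paths are worth surfacing to the analyst
                "mail_paths": sorted({e["path"] for e in evs if "mail" in e["path"].lower()}),
            })
    return findings


if __name__ == "__main__":
    for f in find_graph_beacons(parse_log(SAMPLE_LOG)):
        print(f"{f['host']} ({f['os']}): {f['requests']} Graph requests, "
              f"mean gap {f['mean_gap_s']}s, cv={f['cv']}, mail paths={f['mail_paths']}")
```

In the constructed sample only web-01 is reported (five requests roughly 300 seconds apart, coefficient of variation well under 0.01). The thresholds are a starting point, not tuned values: real beacons often add jitter, so a production rule should be paired with an allowlist of hosts and service principals that legitimately use Graph, and with sign-in and mailbox-audit logs on the Microsoft 365 side.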