A newly discovered Linux variant of the GoGra backdoor uses the Microsoft Graph API and an Outlook inbox to covertly deliver malicious payloads. Because this traffic goes to a legitimate Microsoft service, the malware blends in with normal activity, which significantly complicates detection. GoGra is attributed to the Harvester cyberespionage group, a suspected nation-state actor. By abusing the Microsoft Graph API, the attackers can conduct targeted cyber espionage operations with increased effectiveness. The use of a legitimate service like the Microsoft Graph API for malicious purposes underscores the evolving threat landscape, where state-aligned actors are adapting their tactics to evade detection. This shift in threat model from criminal to geopolitical necessitates a revised approach to cybersecurity, as traditional defenses may be inadequate against such sophisticated attacks.
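Since the destination is a legitimate Microsoft host, a defender has to ask which process on a Linux host is reading or sending Outlook mail through Graph, not whether the domain is known bad. The following is an added detection sketch, not code from the original report or from any vendor. It assumes per-process telemetry that includes the request URL (for example from an EDR agent or a TLS-inspecting proxy). The event fields, the allowlisted path and the sample events are all constructed.

```python
from urllib.parse import urlsplit

GRAPH_HOST = "graph.microsoft.com"
# Graph API path segments that expose Outlook mail (messages, mailFolders, sendMail).
MAIL_SEGMENTS = {"messages", "mailfolders", "sendmail"}
# Assumption: the only binary this site expects to use Graph mail on Linux (hypothetical path).
ALLOWED_BINARIES = {"/opt/example/m365-sync"}

def is_graph_mail_request(url):
    """True only for the exact Graph host and a mail-related resource path."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() != GRAPH_HOST:
        return False  # also rejects lookalikes such as graph.microsoft.com.cdn.example
    segments = {s.lower() for s in parts.path.split("/") if s}
    return bool(segments & MAIL_SEGMENTS)

def flag_events(events):
    """Count Graph mail requests per (host, exe) made by non-allowlisted Linux binaries."""
    hits = {}
    for ev in events:
        if ev["os"] != "linux" or not is_graph_mail_request(ev["url"]):
            continue
        if ev["exe"] in ALLOWED_BINARIES:
            continue
        key = (ev["host"], ev["exe"])
        hits[key] = hits.get(key, 0) + 1
    return hits

# Constructed sample telemetry, not taken from any real incident.
SAMPLE_EVENTS = [
    {"host": "web-01", "os": "linux", "exe": "/tmp/.cache/updater",
     "url": "https://graph.microsoft.com/v1.0/me/mailFolders/Inbox/messages"},
    {"host": "web-01", "os": "linux", "exe": "/tmp/.cache/updater",
     "url": "https://graph.microsoft.com/v1.0/me/sendMail"},
    {"host": "web-01", "os": "linux", "exe": "/opt/example/m365-sync",
     "url": "https://graph.microsoft.com/v1.0/me/messages"},        # allowlisted
    {"host": "db-02", "os": "linux", "exe": "/usr/bin/curl",
     "url": "https://graph.microsoft.com/v1.0/users"},              # not a mail resource
    {"host": "db-02", "os": "linux", "exe": "/usr/bin/curl",
     "url": "https://graph.microsoft.com.cdn.example/v1.0/me/messages"},  # lookalike host
    {"host": "pc-07", "os": "windows", "exe": "C:\\Program Files\\Microsoft Office\\OUTLOOK.EXE",
     "url": "https://graph.microsoft.com/v1.0/me/messages"},        # out of scope: not Linux
]

if __name__ == "__main__":
    for (host, exe), count in flag_events(SAMPLE_EVENTS).items():
        print(f"{host}: {exe} made {count} Graph mail request(s)")
```

A hit here is a lead for triage, not a verdict; the allowlist has to reflect what actually runs in the environment.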