Dossier
GoGra backdoor
Coverage of GoGra backdoor in the Nexus archive.
- Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API
The threat actor Harvester has deployed a Linux version of its GoGra backdoor in South Asia, utilizing the Microsoft Graph API and Outlook mailboxes as a covert command-and-control channel to bypass network defenses. Symantec and Carbon Black Threat Hunter attribute the attacks to this group.
- New GoGra malware for Linux uses Microsoft Graph API for comms
A Linux variant of the GoGra backdoor uses the Microsoft Graph API and an Outlook inbox for stealthy communication and payload delivery, leveraging Microsoft's legitimate infrastructure to evade detection.