Microsoft Graph API
Coverage of Microsoft Graph API in the Nexus archive.
- Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API
Webworm, a China-aligned threat actor, has deployed custom backdoors using Discord and Microsoft Graph API for command-and-control communications, targeting government agencies since at least 2022. The group was first publicly documented by Symantec in September 2022. Webworm's activity has been flagged by cybersecurity researchers in 2025.
- Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API
The threat actor Harvester has deployed a Linux version of its GoGra backdoor in South Asia, utilizing the Microsoft Graph API and Outlook mailboxes as a covert command-and-control channel to bypass network defenses. Symantec and Carbon Black Threat Hunter attribute the attacks to this group.
- Microsoft traces Universal Print issues to Graph API code change
Microsoft has identified a Microsoft Graph API code change as the cause of ongoing Universal Print sharing issues, which are preventing users from creating certain printer shares.
- New GoGra malware for Linux uses Microsoft Graph API for comms
A Linux variant of the GoGra backdoor uses the Microsoft Graph API and an Outlook inbox for stealthy communication and payload delivery, leveraging Microsoft's legitimate infrastructure to evade detection.