Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API

Published: 2 days ago (April 22, 2026 at 11:28 AM EDT)

1 min read

Source: The Hacker News

Overview

The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor, deployed as part of attacks likely targeting entities in South Asia.

Technical Details

The malware uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command‑and‑control (C2) channel, allowing it to bypass traditional perimeter network defenses.

“The malware uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command-and-control (C2) channel, allowing it to bypass traditional perimeter network defenses,” – Symantec and Carbon Black Threat Hunter

Back to Blog

Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software

Cybersecurity researchers have discovered a new Lua‑based malware created years before the notorious Stuxnet worm that aimed to sabotage Iran's nuclear program...

FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches

The U.S. Cybersecurity and Infrastructure Security Agency CISA has revealed that an unnamed federal civilian agency's Cisco Firepower device running Adaptive Se...

26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases

Cybersecurity researchers have discovered a set of malicious apps on the Apple App Store that impersonate popular cryptocurrency wallets in an attempt to steal...

Newly Deciphered Sabotage Malware May Have Targeted Iran’s Nuclear Program—and Predates Stuxnet

Researchers have finally cracked Fast16, a mysterious code capable of silently tampering with calculation and simulation software. It was created in 2005—and li...