Microsoft Graph API | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers are calling attention to a new phishing campaign that employs the ClickFix technique to deliver an open-source command-and-control (C2) framework called Havoc . "The threat actor hides each malware stage behind a SharePoint site and uses a modified version of Havoc Demon in conjunction with the Microsoft Graph API to obscure C2 communications within trusted, well-known services," Fortinet FortiGuard Labs said in a technical report shared with The Hacker News. The starting point of the attack is a phishing email containing an HTML attachment ("Documents.html") that, when opened, displays an error message, which uses the ClickFix technique to trick users into copying and executing a malicious PowerShell command into their terminal or PowerShell, thereby triggering the next-stage. The ClickFix bait used in the newly discovered campaign informs the user that there is an error connecting to Microsoft OneDrive, and that they need to rectif...