Outlining a new SiestaGraph backdoor

Threat Level – Red | Vulnerability Report
Download PDF

The Foreign Affairs Office of an Association of Southeast Asian Nations (ASEAN) member is targeted by multiple threat actors who are coordinating active campaigns via a vulnerable Microsoft Exchange server. Upon establishing access, the victim’s emails are exported. The attack chain begins with the execution of “SiestaGraph,” which is named for the long sleep timer and the way the backdoor leverages the Microsoft Graph API for command and control.

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox