Outlining a new SiestaGraph backdoor
Outlining a new SiestaGraph backdoor
Threat Level
Attack Report
For a detailed threat advisory, download the pdf file here
Summary
The Foreign Affairs Office of an Association of Southeast Asian Nations (ASEAN) member is targeted by multiple threat actors who are coordinating active campaigns via a vulnerable Microsoft Exchange server. Upon establishing access, the victim’s emails are exported. The attack chain begins with the execution of “SiestaGraph,” which is named for the long sleep timer and the way the backdoor leverages the Microsoft Graph API for command and control.