Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API

Ravie Lakshmanan, Apr 22, 2026, Cyber Espionage / Malware


What’s new: The Harvester threat actor has deployed a new Linux variant of its GoGra backdoor against entities in South Asia. The malware uses the Microsoft Graph API and Outlook mailboxes as its command-and-control (C2) channel, which lets it evade traditional network defenses that do not inspect traffic to Microsoft cloud services. It is delivered through social engineering: users are tricked into executing ELF binaries disguised as PDF documents.

Who’s affected

Organizations in South Asia, particularly in the telecommunications, government, and IT sectors, are likely the primary targets of these espionage activities, with indications of attacks traced back to India and Afghanistan.

What to do

  • Monitor network traffic for unusual communications with Microsoft Graph API and Outlook mailboxes.
  • Implement security measures to detect and block ELF binaries and suspicious email attachments, including files whose name claims to be a PDF but whose content is an ELF executable.
  • Educate users on the risks of social engineering and the importance of verifying email sources before opening attachments.
  • Regularly update and patch systems to mitigate vulnerabilities that could be exploited by such malware.
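Two of the checks above can be automated directly. The following Python script is an added example written for this summary, not code from the article or from any vendor: it (1) flags a file whose name ends in .pdf but whose first bytes are the ELF magic, the disguise described above, and (2) scans proxy log lines for Microsoft Graph mailbox requests (/v1.0/me/messages, /v1.0/me/mailFolders) made by a non-browser, non-Office client, which is what mailbox-based C2 from a headless Linux implant would look like. The log format and the sample lines are constructed for the example; adapt the regex to your proxy's real format.

```python
import re
from typing import Dict, Iterable, List

ELF_MAGIC = b"\x7fELF"   # first four bytes of every ELF executable
PDF_MAGIC = b"%PDF-"     # what a genuine PDF starts with


def is_elf_masquerading_as_pdf(filename: str, data: bytes) -> bool:
    """True when a file named like a PDF actually carries an ELF header.

    Attachment filters that trust the extension miss this; checking the
    magic bytes does not.
    """
    return filename.lower().endswith(".pdf") and data[:4] == ELF_MAGIC


# Hypothetical proxy log layout (constructed for this example):
#   <timestamp> <src_ip> "<user_agent>" <host> <path>
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) "(?P<ua>[^"]*)" (?P<host>\S+) (?P<path>\S+)$'
)

# Graph mailbox endpoints that a mailbox-based C2 channel has to touch.
MAIL_PATH_RE = re.compile(r"/v1\.0/(me|users/[^/]+)/(messages|mailFolders)", re.I)

# Clients that legitimately read mailboxes through Graph: browsers and Office.
BROWSER_UA_RE = re.compile(r"Mozilla/|Outlook|Microsoft Office", re.I)


def flag_graph_mail_access(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return log entries where a non-browser client reads a Graph mailbox."""
    hits: List[Dict[str, str]] = []
    for line in lines:
        m = LOG_RE.match(line.rstrip("\n"))
        if not m:
            continue                                  # unparseable line
        if m["host"].lower() != "graph.microsoft.com":
            continue                                  # not Graph at all
        if not MAIL_PATH_RE.search(m["path"]):
            continue                                  # Graph, but not mailbox
        if BROWSER_UA_RE.search(m["ua"]):
            continue                                  # ordinary interactive client
        hits.append({"ts": m["ts"], "src": m["src"], "ua": m["ua"], "path": m["path"]})
    return hits


# Constructed sample log: 10.0.5.17 behaves like a Go implant polling a mailbox,
# 10.0.7.3 is a user with Firefox plus an unrelated curl request to OneDrive.
SAMPLE_LOG = [
    '2026-04-22T10:01:03Z 10.0.5.17 "Go-http-client/1.1" graph.microsoft.com /v1.0/me/mailFolders/inbox/messages',
    '2026-04-22T10:01:09Z 10.0.5.17 "Go-http-client/1.1" graph.microsoft.com /v1.0/me/messages/AAMk123/attachments',
    '2026-04-22T10:02:44Z 10.0.7.3 "Mozilla/5.0 (X11; Linux x86_64) Firefox/124.0" graph.microsoft.com /v1.0/me/messages',
    '2026-04-22T10:03:01Z 10.0.7.3 "curl/8.5.0" graph.microsoft.com /v1.0/me/drive/root',
    '2026-04-22T10:03:30Z 10.0.7.3 "Go-http-client/1.1" example.com /index.html',
]

# Constructed attachment bytes: an ELF header under a PDF name, and a real PDF header.
FAKE_PDF = b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
REAL_PDF = b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n"


if __name__ == "__main__":
    print("report.pdf is disguised ELF:", is_elf_masquerading_as_pdf("report.pdf", FAKE_PDF))
    print("invoice.pdf is disguised ELF:", is_elf_masquerading_as_pdf("invoice.pdf", REAL_PDF))
    for hit in flag_graph_mail_access(SAMPLE_LOG):
        print("suspicious Graph mailbox access:", hit)
```

The user-agent allow-list is deliberately narrow; tune it to the clients your environment actually uses, and treat any hit from a Linux server that has no business reading a mailbox as worth a look at the process that made the request.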
