Threat actors have been increasingly weaponizing the Microsoft Graph API for malicious purposes with the aim of evading detection.
This is done to "facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News.