China-Linked APT15 Targets Foreign Ministries With ‘Graphican’ Backdoor

Symantec has issued a warning that a China-linked hacking group known as APT15 is targeting foreign affairs ministries in the Americas using a new backdoor called Graphican. The group used Graphican along with various living-off-the-land tools during an attack campaign. Graphican functions similarly to the previously used Ketrican backdoor, but it uses the Microsoft Graph API to connect to OneDrive and retrieve command-and-control (C&C) information. APT15 also employed other tools, such as the Ewstew backdoor, web shells, and publicly available tools, to steal email messages, extract credentials, escalate privileges, scan for vulnerabilities, and exploit known flaws. The group, believed to be sponsored by the Chinese government, has been active since 2004 and targets governments, diplomatic missions, human rights organizations, embassies, and think tanks across different regions.

Read more: https://www.securityweek.com/china-linked-apt15-targets-foreign-ministries-with-graphican-backdoor/