The threat actor known as Harvester has expanded its toolset with a new Linux variant of its GoGra backdoor, primarily targeting entities in South Asia, including India and Afghanistan. This malware utilizes social engineering to trick users into executing ELF binaries disguised as PDF documents, allowing the adversary to establish a persistent foothold within Linux-based environments.
GoGra is particularly notable for its use of the Microsoft Graph API and Outlook mailboxes as a covert command-and-control (C2) channel. By abusing legitimate cloud infrastructure, the backdoor bypasses traditional perimeter defenses to receive tasking and exfiltrate data. This development highlights Harvester's ongoing effort to diversify its capabilities across different operating systems while maintaining consistent C2 logic and deployment architectures.
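The initial-access trick described above, an ELF binary carrying a PDF-looking name, can be caught on disk by comparing what a file claims to be with what its header says it is. The following scanner is an added example written for this summary, not code from the report or from the malware; the filenames and the minimal ELF header are constructed test data.

```python
import os
import struct
from dataclasses import dataclass
from typing import List, Optional

ELF_MAGIC = b"\x7fELF"

# Constructed minimal ELF64 header (little-endian, e_machine 0x3E = x86-64);
# only the first 20 bytes matter for this check.
SAMPLE_ELF_HEADER = b"\x7fELF\x02\x01\x01" + b"\x00" * 9 + b"\x02\x00" + b"\x3e\x00"


@dataclass
class Finding:
    path: str
    reason: str
    elf_class: str   # "ELF32", "ELF64" or "?"
    machine: int     # raw e_machine value from the ELF header


def inspect_header(data: bytes):
    """Return (is_elf, elf_class, e_machine) from the first bytes of a file."""
    if not data.startswith(ELF_MAGIC) or len(data) < 20:
        return False, "?", 0
    endian = "<" if data[5] == 1 else ">"            # EI_DATA: 1 = little-endian
    e_machine = struct.unpack(endian + "H", data[18:20])[0]
    elf_class = {1: "ELF32", 2: "ELF64"}.get(data[4], "?")  # EI_CLASS
    return True, elf_class, e_machine


def classify_file(path: str, data: bytes) -> Optional[Finding]:
    """Flag a file whose name suggests a PDF but whose content is an ELF binary."""
    name = os.path.basename(path).lower()
    looks_like_pdf = name.endswith(".pdf") or ".pdf." in name  # also double extensions
    is_elf, elf_class, machine = inspect_header(data)
    if is_elf and looks_like_pdf:
        return Finding(path, "ELF binary with PDF-looking filename", elf_class, machine)
    return None


def scan_directory(root: str) -> List[Finding]:
    """Walk a directory tree and report every PDF-named ELF binary found."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            p = os.path.join(dirpath, fn)
            try:
                with open(p, "rb") as fh:
                    head = fh.read(64)
            except OSError:
                continue
            hit = classify_file(p, head)
            if hit:
                findings.append(hit)
    return findings
```

Run `scan_directory` over download and mail-attachment directories; a hit is a strong indicator regardless of which family dropped the file.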