
Novel Graphican backdoor leveraged in Chinese APT attacks against foreign ministries

Chinese state-sponsored threat operation Flea, also known as APT15, Nylon Typhoon, BackdoorDiplomacy, Vixen Panda, Royal APT, Playful Taurus, and ke3chang, has leveraged the novel Graphican backdoor in attacks against foreign affairs ministries across the Americas between late 2022 and early 2023, The Hacker News reports. Graphican, regarded as an updated version of the group's Ketrican backdoor, obtains its command-and-control server details by abusing the Microsoft Graph API and OneDrive, a technique that has also been used by the APT28 and Bad Magic threat groups, according to a Symantec report. Aside from the backdoor, which also supports creating new commands for execution, Flea has deployed various other tools in the attack campaign, including an updated EWSTEW backdoor for Microsoft Exchange server email exfiltration. "The use of a new backdoor by Flea shows that this group, despite its long years of operation, continues to actively develop new tools," said researchers.
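Because the C2 rendezvous described above rides on legitimate Microsoft cloud endpoints, network blocklists are of little use; what defenders can look for is an unexpected process on a host talking to those endpoints. The following script is an added illustration of that check and is not from the Symantec or Hacker News reporting: it parses a constructed, hypothetical endpoint log format (the `host=`/`proc=`/`dst=` fields, the sample lines, and the allowlist of expected client binaries are all assumptions for this example) and reports any process outside the allowlist that contacted Graph API or OneDrive hosts.

```python
"""Flag processes reaching Microsoft Graph / OneDrive endpoints that are not
expected clients. Log format, sample lines and allowlist are constructed
assumptions for this example, not a vendor's real schema."""
import re
from collections import defaultdict

# Hosts that Graphican-style tooling would contact for its C2 details.
GRAPH_HOSTS = {"graph.microsoft.com", "onedrive.live.com", "api.onedrive.com"}

# Assumed allowlist of binaries that legitimately talk to these endpoints.
# In practice, tie this to signer and full path rather than bare file name,
# since a process name alone is trivially mimicked.
EXPECTED_CLIENTS = {"outlook.exe", "onedrive.exe", "teams.exe",
                    "msedge.exe", "chrome.exe"}

# Constructed sample log: one workstation (ws-42) has an unknown binary
# repeatedly contacting Graph and OneDrive, the others are expected clients.
SAMPLE_LOG = """\
2023-02-01T10:01:02Z host=ws-17 proc=outlook.exe dst=graph.microsoft.com status=200
2023-02-01T10:01:09Z host=ws-17 proc=OneDrive.exe dst=api.onedrive.com status=200
2023-02-01T10:03:44Z host=ws-42 proc=updatesvc.exe dst=graph.microsoft.com status=200
2023-02-01T10:03:45Z host=ws-42 proc=updatesvc.exe dst=graph.microsoft.com status=200
2023-02-01T10:05:00Z host=ws-42 proc=updatesvc.exe dst=api.onedrive.com status=200
2023-02-01T10:05:30Z host=ws-42 proc=updatesvc.exe dst=example.com status=200
2023-02-01T10:06:30Z host=ws-09 proc=msedge.exe dst=graph.microsoft.com status=200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) "
    r"dst=(?P<dst>\S+) status=(?P<status>\d+)$"
)


def parse_line(line):
    """Parse one assumed-format log line; return a dict or None if malformed."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def find_unexpected_graph_clients(log_text, expected=EXPECTED_CLIENTS):
    """Return {(host, process): hit_count} for processes outside the allowlist
    that contacted a Graph API / OneDrive host. Non-Graph destinations and
    allowlisted binaries (case-insensitive) are ignored."""
    hits = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dst"] not in GRAPH_HOSTS:
            continue
        if rec["proc"].lower() in expected:
            continue
        hits[(rec["host"], rec["proc"])] += 1
    return dict(hits)


if __name__ == "__main__":
    for (host, proc), n in sorted(find_unexpected_graph_clients(SAMPLE_LOG).items()):
        print(f"REVIEW {host}: {proc} contacted Graph/OneDrive {n} time(s)")
```

The result is a triage queue, not a verdict: an unrecognised binary reaching graph.microsoft.com is also what a new line-of-business app looks like, so the next step is checking the file's signer, path and parent process on the flagged host. The same approach extends to other cloud services used as C2 dead drops; only the host set and allowlist change.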
