Harvester APT: South Asia Espionage Expands to Linux With Graph API Command-and-Control
The Harvester threat group — active since at least 2021 against government and telecommunications targets in South Asia — has extended its capabilities to Linux with a new GoGra backdoor variant that routes command-and-control traffic through Microsoft Outlook via the Graph API. The evolution reflects a broader shift toward cloud-service-based C2 that defeats traditional perimeter monitoring.