Harvester: APT Group Expands Toolset With New GoGra Linux Backdoor
ID: 03cdcd73-e840-548c-8d84-3b0cd0f7c2e6
STIX ID: report--03cdcd73-e840-548c-8d84-3b0cd0f7c2e6
Feed Name: security.com
Harvester, a suspected nation-state APT active since at least 2021, has added a Linux build of its GoGra backdoor to its toolset. The implant masquerades ELF binaries as documents and uses hardcoded Azure AD application credentials to poll Outlook mailboxes through the Microsoft Graph API as a covert command-and-control channel. It persists via a systemd user unit and an XDG autostart entry, executes operator-sent tasks, returns AES-encrypted results by email, and deletes the tasking messages afterwards. Analysis links this Linux build to a Windows variant, provides multiple file hashes as IOCs, and points to a likely South Asia targeting focus.
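Two of the traits above are cheap to hunt for on a Linux host without any of the report's hashes: the persistence locations (a systemd user unit and an XDG autostart entry) and the masquerade (an ELF binary carrying a document extension). The script below is an added example written for this page, not code from the report or from Symantec's analysis. It assumes the standard per-user locations, ~/.config/systemd/user/*.service and ~/.config/autostart/*.desktop, reads the program path from each ExecStart= or Exec= line, and flags any target that has a document-like extension but starts with the ELF magic bytes 7f 45 4c 46. The demo home it builds, with the file names report.pdf, notes.pdf, updater.desktop and notes.service, is constructed for the example and has nothing to do with the actor's actual artifacts.

```python
import os
import re
import tempfile
from pathlib import Path

ELF_MAGIC = b"\x7fELF"
# Extensions a user would expect to open as a document, never to execute.
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx",
            ".txt", ".odt", ".rtf"}
# Matches ExecStart= in a systemd unit and Exec= in a .desktop file.
EXEC_LINE = re.compile(r"^\s*(?:ExecStart|Exec)\s*=\s*(.+?)\s*$")


def exec_targets(entry_path):
    """Return the program paths referenced by a unit or .desktop file.
    Only the first token of each command line is taken (assumption: the
    masqueraded binary is launched directly, not via an interpreter)."""
    targets = []
    for line in Path(entry_path).read_text(errors="replace").splitlines():
        m = EXEC_LINE.match(line)
        if not m:
            continue
        tokens = m.group(1).lstrip("-@+!:").split()  # drop systemd exec prefixes
        if tokens:
            targets.append(os.path.expanduser(tokens[0].strip("\"'")))
    return targets


def is_masqueraded_elf(path):
    """True if `path` has a document extension but ELF magic bytes."""
    p = Path(path)
    if p.suffix.lower() not in DOC_EXTS or not p.is_file():
        return False
    with p.open("rb") as f:
        return f.read(len(ELF_MAGIC)) == ELF_MAGIC


def scan_persistence(home):
    """Scan the XDG autostart and systemd user-unit directories under `home`.
    Returns a list of (entry_file, target_path) for masqueraded ELF targets."""
    home = Path(home)
    locations = [(home / ".config" / "autostart", "*.desktop"),
                 (home / ".config" / "systemd" / "user", "*.service")]
    findings = []
    for directory, pattern in locations:
        if not directory.is_dir():
            continue
        for entry in sorted(directory.glob(pattern)):
            for target in exec_targets(entry):
                if is_masqueraded_elf(target):
                    findings.append((str(entry), target))
    return findings


def build_demo_home():
    """Construct a throwaway fake home directory with one benign entry and one
    masqueraded ELF. Every name here is invented for the demo, not an IOC."""
    home = Path(tempfile.mkdtemp(prefix="gogra-hunt-"))
    (home / ".config" / "autostart").mkdir(parents=True)
    (home / ".config" / "systemd" / "user").mkdir(parents=True)
    (home / "Documents").mkdir()
    fake_doc = home / "Documents" / "report.pdf"          # ELF with .pdf name
    fake_doc.write_bytes(ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 61)
    real_doc = home / "Documents" / "notes.pdf"           # genuine PDF header
    real_doc.write_bytes(b"%PDF-1.7\n")
    (home / ".config" / "autostart" / "updater.desktop").write_text(
        "[Desktop Entry]\nType=Application\nName=Updater\nExec=%s\n" % fake_doc)
    (home / ".config" / "systemd" / "user" / "notes.service").write_text(
        "[Service]\nExecStart=/usr/bin/xdg-open %s\n" % real_doc)
    return str(home)


if __name__ == "__main__":
    demo = build_demo_home()
    for entry, target in scan_persistence(demo):
        print("masqueraded ELF launched from %s -> %s" % (entry, target))
```

On a real host, call scan_persistence with each user's home directory (and extend the location list to the system-wide /etc/xdg/autostart and systemd unit paths if you want coverage beyond user-level persistence). Treat a hit as a starting point: the report describes the C2 as ordinary Graph API traffic to Outlook mailboxes, so the process behind a flagged entry is what to pivot to next, not the network traffic.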