FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux
A new espionage campaign, attributed to the threat cluster REF7707, targets foreign ministries, telecommunications entities, and universities in South America and Southeast Asia. The campaign employs a sophisticated malware suite, including PATHLOADER and FINALDRAFT, for remote access and for command and control (C2) via the Microsoft Graph API. The existence of a Linux variant of FINALDRAFT with similar C2 functionality suggests a well-organized and potentially state-sponsored operation.