CUNNINGPIGEON

CUNNINGPIGEON is a backdoor malware that leverages the Microsoft Graph API to establish covert communication channels with compromised systems. It is utilized by the China-linked advanced persistent threat (APT) group Winnti (also known as APT41) in their cyber espionage campaigns. CUNNINGPIGEON enables attackers to execute commands, manage files, and establish custom proxy functionalities by retrieving instructions embedded within Microsoft 365 mail messages.