SECURITYTHE HACKER NEWS
Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API
Webworm, a China-aligned threat actor, has deployed custom backdoors using Discord and Microsoft Graph API for command-and-control communications, targeting government agencies since at least 2022. The group was first publicly documented by Symantec in September 2022. Webworm's activity has been flagged by cybersecurity researchers in 2025.
Mentioned