Skip to content
The Nexus
SECURITYMay 20 · 12:51 UTCTHE HACKER NEWS[email protected] (The Hacker News)

Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API

Webworm, a China-aligned threat actor, has deployed custom backdoors using Discord and Microsoft Graph API for command-and-control communications, targeting government agencies since at least 2022. The group was first publicly documented by Symantec in September 2022. Webworm's activity has been flagged by cybersecurity researchers in 2025.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this