Dossier
Webworm
Coverage of Webworm in the Nexus archive.
- Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API
Webworm, a China-aligned threat actor, has deployed custom backdoors using Discord and Microsoft Graph API for command-and-control communications, targeting government agencies since at least 2022. The group was first publicly documented by Symantec in September 2022. Webworm's activity has been flagged by cybersecurity researchers in 2025.