SITREP: Cybersecurity researchers have identified new operations by the China-aligned threat actor Webworm, which is utilizing Discord and Microsoft Graph API to deploy backdoors known as EchoCreep and GraphWorm. This activity marks a continuation of Webworm's operations since its initial documentation in 2022, with a focus on targeting government agencies.

TACTICAL ASSESSMENT: The use of widely adopted platforms like Discord and Microsoft Graph API for command-and-control communications indicates a sophisticated approach to evade detection. This development suggests an ongoing threat to governmental cybersecurity, potentially compromising sensitive information.

PROJECTED VECTORS: Future operations may expand to include additional platforms or target a broader range of governmental and private sector entities.
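
Because command-and-control over Discord and the Microsoft Graph API blends into sanctioned traffic, one practical hunt is to look at which process is talking to those services rather than at the destination alone. The following is an added example, not code from the research or from the page: the log format, host names, process names and per-service allowlists are constructed assumptions and are not indicators tied to Webworm.

```python
import csv
import io
from collections import Counter

# Assumption: processes expected to reach each service in this estate.
EXPECTED = {
    "discord": {"discord.exe", "chrome.exe", "msedge.exe", "firefox.exe"},
    "graph": {"outlook.exe", "teams.exe", "onedrive.exe", "msedge.exe"},
}
# Public hostnames of each service, matched as domain suffixes.
SERVICE_SUFFIXES = {
    "discord": ("discord.com", "discordapp.com", "discord.gg"),
    "graph": ("graph.microsoft.com",),
}
# Constructed sample telemetry: time, host, process image, destination hostname.
SAMPLE_LOG = """\
2024-01-01T09:00:01Z,WS-014,chrome.exe,discord.com
2024-01-01T09:00:05Z,WS-014,outlook.exe,graph.microsoft.com
2024-01-01T09:01:10Z,SRV-DB2,svchelper.exe,discord.com
2024-01-01T09:02:10Z,SRV-DB2,svchelper.exe,cdn.discordapp.com
2024-01-01T09:03:30Z,WS-022,updater.exe,graph.microsoft.com
2024-01-01T09:04:00Z,WS-022,teams.exe,graph.microsoft.com
2024-01-01T09:05:00Z,WS-022,chrome.exe,notdiscord.com
"""

def classify(dest):
    """Return the service name for a destination hostname, or None."""
    dest = dest.lower().rstrip(".")
    for service, suffixes in SERVICE_SUFFIXES.items():
        # Match the domain itself or a true subdomain, not a lookalike.
        if any(dest == s or dest.endswith("." + s) for s in suffixes):
            return service
    return None

def unexpected_clients(log_text):
    """Count connections per (host, process, service) from unlisted processes."""
    hits = Counter()
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip malformed lines
        _, host, process, dest = (f.strip() for f in row)
        service = classify(dest)
        if service and process.lower() not in EXPECTED[service]:
            hits[(host, process.lower(), service)] += 1
    return hits

if __name__ == "__main__":
    for (host, proc, svc), n in sorted(unexpected_clients(SAMPLE_LOG).items()):
        print(f"{host}: {proc} -> {svc} ({n} connections)")
```

Hits are leads for triage, not verdicts: a server that has no business reaching Discord at all is a stronger signal than an unlisted desktop utility calling the Graph API.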