Webworm Uses Discord and Microsoft Graph API for New Backdoors EchoCreep and GraphWorm

Colleagues, I’d like to highlight fresh cyber activity: the Webworm group has deployed two backdoors — EchoCreep and GraphWorm.
- ESET reports EchoCreep uses Discord for C2, while GraphWorm leverages Microsoft Graph API; both support command execution and file operations.
- Webworm targets government entities and organizations in IT, aerospace and energy; historically they’ve employed RATs and tools like SoftEther VPN.
- Operators conceal tooling on GitHub and use dirsearch/nuclei to discover vulnerabilities.
Why it matters: increased use of legitimate services for C2 complicates detection and response.
How are you enhancing monitoring of such channels?
#cybersecurity #threatintel #incidents #defense
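
An added example, not part of the original post and not based on ESET's indicators: one way to monitor the two channels named above is to flag processes that reach Discord or Microsoft Graph hosts without being on an expected-client list. The log format, the per-service process allowlists and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict

# Domains of the two legitimate services named in the post.
WATCHED = {
    "discord": ("discord.com", "discordapp.com", "discord.gg"),
    "graph": ("graph.microsoft.com",),
}
# Assumption: clients this environment expects to talk to each service.
EXPECTED = {
    "discord": {"discord.exe", "chrome.exe", "msedge.exe", "firefox.exe"},
    "graph": {"outlook.exe", "teams.exe", "onedrive.exe", "msedge.exe"},
}
# Constructed sample lines: "timestamp host process dest_host"
# (hypothetical EDR/proxy export, not real telemetry).
SAMPLE_LOG = """\
2025-01-10T09:00:01Z ws-01 chrome.exe discord.com
2025-01-10T09:00:05Z ws-02 OUTLOOK.EXE graph.microsoft.com
2025-01-10T09:01:10Z srv-07 updsvc.exe gateway.discord.gg
2025-01-10T09:06:10Z srv-07 updsvc.exe gateway.discord.gg
2025-01-10T09:02:30Z srv-09 helper.exe graph.microsoft.com
2025-01-10T09:03:00Z ws-03 chrome.exe notdiscord.com
"""

def service_for(dest):
    """Map a destination host to a watched service, matching on exact
    domain or a true subdomain so lookalike names are not counted."""
    dest = dest.lower().rstrip(".")
    for svc, domains in WATCHED.items():
        if any(dest == d or dest.endswith("." + d) for d in domains):
            return svc
    return None

def find_unexpected(log_text):
    """Count connections per (host, process, service) where the process
    is not an expected client of that service."""
    hits = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _ts, host, proc, dest = parts
        svc = service_for(dest)
        if svc and proc.lower() not in EXPECTED[svc]:
            hits[(host, proc.lower(), svc)] += 1
    return dict(hits)

if __name__ == "__main__":
    for (host, proc, svc), n in sorted(find_unexpected(SAMPLE_LOG).items()):
        print(f"{host}: {proc} -> {svc} ({n} connections)")
```

A hit is a lead for triage rather than a verdict: servers and service accounts that have no business reason to reach either service are the highest-value results.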

