VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

Webworm Uses Discord and Microsoft Graph API for New Backdoors EchoCreep and GraphWorm

Webworm использует Discord и Microsoft Graph API для новых бэкдоров EchoCreep и GraphWorm

Colleagues, I’d like to highlight fresh cyber activity: the Webworm group has deployed two backdoors — EchoCreep and GraphWorm.

- ESET reports EchoCreep uses Discord for C2, while GraphWorm leverages Microsoft Graph API; both support command execution and file operations.
- Webworm targets government entities and organizations in IT, aerospace and energy; historically they’ve employed RATs and tools like SoftEther VPN.
- Operators conceal tooling on GitHub and use dirsearch/nuclei to discover vulnerabilities.

Why it matters: increased use of legitimate services for C2 complicates detection and response.

How are you enhancing monitoring of such channels?

#cybersecurity #threatintel #incidents #defense

Latest comments

No comments yet.