Skip to content
The Nexus
DossierENTITY

Webworm

Coverage of Webworm in the Nexus archive.

Earliest in view: May 20 · 12:51 UTCMost recent: May 20 · 12:51 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYMay 20 · 12:51 UTCTHE HACKER NEWS
    Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API

    Webworm, a China-aligned threat actor, has deployed custom backdoors using Discord and Microsoft Graph API for command-and-control communications, targeting government agencies since at least 2022. The group was first publicly documented by Symantec in September 2022. Webworm's activity has been flagged by cybersecurity researchers in 2025.