Cybersecurity researchers have identified fresh activity from a China-aligned threat actor known as Webworm, which has been deploying custom backdoors, EchoCreep and GraphWorm, using Discord and Microsoft Graph API for command-and-control (C2 or C&C) communications. This activity was flagged in May 2026, indicating that Webworm is continuing its operations, which began in at least 2022. Initially documented by Broadcom-owned Symantec, Webworm has primarily targeted government agencies, raising concerns about the implications for national security and cybersecurity.

Webworm’s Backdoor Deployment Techniques

Webworm uses popular platforms, Discord and the Microsoft Graph API, to carry its malicious activity. The use of Discord as a communication channel is particularly concerning: it is a widely used application for gaming and social interaction, so its traffic looks less suspicious to users. This allows Webworm to blend in with legitimate traffic, complicating detection efforts by cybersecurity teams.

The backdoors, EchoCreep and GraphWorm, are designed to maintain persistence within compromised systems, allowing threat actors to execute commands, exfiltrate data, and potentially escalate privileges. The reliance on Microsoft Graph API further indicates that Webworm is capitalizing on the extensive integration of Microsoft services in various organizations, particularly within the government sector. By exploiting these widely used services, Webworm can enhance its operational efficiency while remaining under the radar.
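Because this traffic goes to legitimate services, blocking the destination is rarely practical; what stands out is which process makes the connection and how regularly. The following is an added detection sketch, not code from the original article or from the researchers. The log format, host names, process names and the per-service allowlist are constructed assumptions, and the timing check is a generic beaconing heuristic rather than a documented trait of EchoCreep or GraphWorm.

```python
import csv, io, statistics
from collections import defaultdict
from datetime import datetime

# Hostnames of the two real services; subdomains match too.
SERVICES = {"discord": ("discord.com", "discordapp.com", "discord.gg"),
            "msgraph": ("graph.microsoft.com",)}
# Assumption: processes this environment expects to reach each service.
EXPECTED = {"discord": {"discord.exe", "chrome.exe", "msedge.exe"},
            "msgraph": {"outlook.exe", "teams.exe", "onedrive.exe", "msedge.exe"}}

# Constructed sample events: timestamp,host,process,destination
SAMPLE_LOG = """\
2026-05-04T09:00:00,WS-014,chrome.exe,discord.com
2026-05-04T09:00:00,SRV-02,svchelper.exe,graph.microsoft.com
2026-05-04T09:01:10,WS-014,outlook.exe,graph.microsoft.com
2026-05-04T09:02:00,SRV-02,updater.exe,discord.com
2026-05-04T09:05:01,SRV-02,svchelper.exe,graph.microsoft.com
2026-05-04T09:10:00,SRV-02,svchelper.exe,graph.microsoft.com
2026-05-04T09:15:02,SRV-02,svchelper.exe,graph.microsoft.com
2026-05-04T11:47:30,SRV-02,updater.exe,cdn.discordapp.com
"""

def service_for(dest):
    dest = dest.lower().rstrip(".")
    for name, domains in SERVICES.items():
        if any(dest == d or dest.endswith("." + d) for d in domains):
            return name
    return None

def find_suspects(log_text, min_events=4, max_jitter=0.1):
    """Report unexpected processes reaching Discord or Graph, per host."""
    seen = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        ts, host, proc, dest = row
        svc = service_for(dest)
        if svc and proc.lower() not in EXPECTED[svc]:
            seen[(host, proc.lower(), svc)].append(datetime.fromisoformat(ts))
    findings = []
    for (host, proc, svc), times in sorted(seen.items()):
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps) if gaps else 0
        # Beacon-like: enough events with near-constant spacing between them.
        beacon = (len(times) >= min_events and mean > 0
                  and statistics.pstdev(gaps) / mean <= max_jitter)
        findings.append({"host": host, "process": proc, "service": svc,
                         "events": len(times), "beacon_like": beacon})
    return findings
```

On the sample, browser and Outlook traffic is ignored, while the two constructed non-allowlisted processes on SRV-02 are reported, one of them with beacon-like spacing.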

Impact on Users and Privacy

The implications of Webworm’s activities are significant, particularly for users within the government sector. The deployment of backdoors can lead to severe breaches of privacy and compromise sensitive information. Government agencies often handle confidential data that, if accessed by malicious actors, could result in national security threats, data leaks, and the potential for espionage.

For individual users, the risks associated with such cybersecurity vulnerabilities extend beyond just the immediate threat of data theft. Compromised systems can lead to unauthorized access to personal information, financial data, and other sensitive materials. Moreover, users who rely on VPN services for privacy may find their connections compromised if they are not vigilant about the security of their devices and applications.

Context

This recent activity from Webworm underscores the growing trend of cyber threats targeting government and organizational infrastructures. The increasing sophistication of threat actors, particularly those aligned with state-sponsored initiatives, highlights the necessity for robust cybersecurity measures. As more organizations adopt cloud services and integrate third-party applications, the attack surface for these types of threats expands, necessitating a proactive approach to cybersecurity.

What to do

To mitigate the risks associated with threats like those posed by Webworm, it is essential to take immediate action:

  • Update all affected software to the latest versions immediately.
  • Enable automatic updates where possible to ensure you receive the latest security patches.
  • Monitor security advisories from affected vendors to stay informed about vulnerabilities and patches.
  • Use a VPN like Surfshark or NordVPN to protect your internet traffic and enhance your online security.
  • Consider additional security measures such as multi-factor authentication to further safeguard your accounts.
