China's Webworm Uses Discord, Microsoft Graph to Hack EU Govts
Summary
China's advanced persistent threat group, Webworm, is reportedly targeting EU governments using Discord and Microsoft Graph APIs for command and control. The group also uses SoftEther VPN as a proxy to obscure its activities.
IFF Assessment
FOE
This article details the advanced tactics of a threat actor targeting government entities; those tactics represent a significant risk to defenders.
Defender Context
Defenders should be aware of the increasing sophistication of nation-state actors and their innovative use of cloud services like Discord and Microsoft Graph for malicious purposes. Monitoring for unusual API usage and network traffic patterns associated with these services is crucial for early detection.