> TritonInfoSec News
Home / May 24, 2026 / Story
0
#10 Dark Reading general May 22, 2026 at 07:01 UTC

China's Webworm Uses Discord, Microsoft Graphs to Hack EU Govts.

By Alexander Culafi

AI Summary

China's Webworm APT group has been targeting European government entities by abusing Discord and Microsoft Graph APIs for command-and-control, combined with SOCKS proxy tools including SoftEther VPN to obscure attacker infrastructure. The use of trusted cloud platforms for C2 makes detection via traditional network monitoring significantly harder. EU government security teams should monitor for anomalous Graph API and Discord traffic originating from internal hosts.

Read full article → https://www.darkreading.com/endpoint-security/chin…

Relevance score: 74.0/100

# More from May 24

  1. 1
    LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root The Hacker News
  2. 2
    Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV The Hacker News
  3. 3
    A hacker group is poisoning open source code at an unprecedented scale Ars Technica Security
  4. 4
    Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack SecurityWeek
  5. 5
    ‘First VPN’ Cybercrime Service Disrupted, Administrator Arrested SecurityWeek
  6. 6
    US and Canada arrest and charge suspected Kimwolf botnet admin BleepingComputer
  7. 7
    CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV The Hacker News
  8. 8
    CISA Security Leak Schneier on Security
  9. 9
    FBI warns about fast-growing phishing kit targeting Microsoft 365 users CyberScoop