Webworm: New burrowing techniques
ID: d9405eea-137f-51dd-8306-5776ddafbdb2
STIX ID: report--d9405eea-137f-51dd-8306-5776ddafbdb2
Feed Name: WeLiveSecurity (ESET Research)
**ESET analyzed the 2025 activity of Webworm, a China-aligned APT, documenting a shift from traditional RATs to stealthier proxy tooling and two new backdoors that use Discord (EchoCreep) and the Microsoft Graph API/OneDrive (GraphWorm) for C2; the report details targeted campaigns against European government entities and other victims, staging on public GitHub and a compromised Amazon S3 bucket, provides IoCs (file hashes, IPs, domains), and maps observed behaviors to MITRE ATT&CK techniques.**
