
China's Webworm Uses Discord, Microsoft Graphs to Hack EU Governments

HackerLegend.com Threat Intelligence (Original Source)

Threat Overview

The Webworm advanced persistent threat (APT) group uses Discord, Microsoft Graph, and SOCKS proxies in intrusions against EU governments, combining vulnerability exploitation with social engineering.

China's Webworm APT group abused Discord and Microsoft Graph in intrusions against EU governments, using SOCKS proxies and tunneling tools to maintain access. The operators combined social engineering with the exploitation of vulnerabilities in Microsoft tools, and relied on SoftEther VPN to proxy their traffic.

Key Intelligence Points

1. The threat actors used Discord and Microsoft Graph for initial access and lateral movement.
2. The attack targeted EU governments, exploiting vulnerabilities in Microsoft tools for persistence.
3. SoftEther VPN was used as a SOCKS proxy for tunneling and persistence.
4. Detection opportunities include monitoring for suspicious Discord and Microsoft Graph activity, as well as unusual SoftEther VPN usage.

MITRE ATT&CK Techniques

T1566.001 Spearphishing Attachment
T1210 Exploit Public-Facing Application

Indicators of Compromise (IOCs) / Affected Systems

SoftEther VPN
Discord
Microsoft Graphs

Mitigation & Detection

Implement strict access controls and monitoring for Discord and Microsoft Graph activity, and restrict SoftEther VPN usage to trusted networks.
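Detection logic for the opportunities listed above (Discord egress, Microsoft Graph calls from unexpected client processes, and SoftEther VPN indicators), written as an added Python example that is not from the original article. The log format and sample lines are constructed, and the process allowlist, the "Discord is unsanctioned" policy, and the SoftEther process names and ports are assumptions for this sketch.

```python
"""Detection logic for the behaviours summarised above, run over constructed log lines."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "host rule detail")

# Constructed egress log lines (proxy/EDR style): timestamp host process destination port
SAMPLE_LOG = """\
2024-05-01T08:02:11Z ws-014 outlook.exe graph.microsoft.com 443
2024-05-01T08:05:43Z ws-014 msedge.exe cdn.discordapp.com 443
2024-05-01T08:07:02Z ws-027 svchost.exe graph.microsoft.com 443
2024-05-01T08:09:30Z srv-db01 rundll32.exe gateway.discord.gg 443
2024-05-01T08:11:15Z srv-app02 vpnclient.exe 203.0.113.25 5555
2024-05-01T08:12:40Z ws-027 powershell.exe graph.microsoft.com 443
"""
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d+)$")

# Assumed allowlist of first-party clients expected to talk to graph.microsoft.com.
GRAPH_EXPECTED_PROCESSES = {"outlook.exe", "teams.exe", "msedge.exe", "onedrive.exe"}
# Assumption for this environment: Discord is not a sanctioned service on any host.
DISCORD_DOMAINS = ("discord.com", "discordapp.com", "discord.gg")
# SoftEther binary names and non-443 default listener ports (assumed from its documentation).
SOFTETHER_PROCESSES = {"vpnclient.exe", "vpnserver.exe", "vpnbridge.exe"}
SOFTETHER_PORTS = {992, 1194, 5555}


def in_domains(dest, domains):
    """True when dest equals or is a subdomain of one of the listed domains."""
    return any(dest == d or dest.endswith("." + d) for d in domains)


def analyse(log_text):
    """Return one Finding per matched rule; a single line may trigger several rules."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore malformed lines rather than abort the sweep
        _ts, host, proc, dest, port = m.groups()
        proc, port = proc.lower(), int(port)
        if in_domains(dest, DISCORD_DOMAINS):
            findings.append(Finding(host, "discord-egress", f"{proc} -> {dest}"))
        if dest == "graph.microsoft.com" and proc not in GRAPH_EXPECTED_PROCESSES:
            findings.append(Finding(host, "graph-unexpected-client", f"{proc} -> {dest}"))
        if proc in SOFTETHER_PROCESSES or port in SOFTETHER_PORTS:
            findings.append(Finding(host, "softether-tunnel", f"{proc} -> {dest}:{port}"))
    return findings
```

Calling `analyse(SAMPLE_LOG)` flags every line except the Outlook call to Graph; tune the allowlist and Discord policy to the hosts where those services are genuinely sanctioned.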