
Chinese Webworm Hackers Use Discord and Microsoft to Compromise EU Authorities

Bottom line: The Chinese APT group Webworm infiltrated EU government authorities, using Discord and Microsoft services as communication channels and SOCKS proxies to anonymize its attacks.

An advanced threat group with connections to China has abused Discord and Microsoft services to conduct cyberattacks against European government agencies. The attackers also employed SOCKS proxies and tunneling tools such as SoftEther VPN to conceal their activities.

The advanced threat group Webworm, which has been linked to China, has conducted targeted cyberattacks against European government organizations. The attackers used unexpected methods in doing so: they integrated the chat platform Discord as well as Microsoft services into their attack chain.

To cover their digital tracks, the group relied on SOCKS proxies and tunneling tools such as SoftEther VPN. These technologies function as intermediaries between victims and attackers, enabling cybercriminals to obscure their true identity and geographic location.

The abuse of common, trusted platforms such as Discord and Microsoft services points to a strategy of bypassing security defenses that would normally block suspicious network activity. These attack methods underscore the increasing sophistication of modern state-sponsored cyberattacks.
