A Chinese hacking group called Webworm has shifted its focus from Asia to European government targets in Belgium, Italy, Serbia, Spain, and Poland, using unconventional command-and-control methods through Discord, Microsoft Graph API, and GitHub repositories. Security researchers at ESET found the group has evolved from using well-known malware to deploying stealthier proxy tools and custom backdoors that leverage popular platforms to avoid detection. Organizations are urged to patch vulnerabilities, monitor unusual communications to services like Discord and Microsoft Graph, and watch for abnormal data transfers that fall outside standard workflows.