Webworm
0 incidents
0 countries
0 sectors
APT CN Last: -
Aliases: Space Pirates, Erudite Mogwai
Webworm, also known by the aliases Space Pirates and Erudite Mogwai, is a China-aligned advanced persistent threat (APT) group that emerged in 2017. Their primary motivation is information theft and cyber espionage. Initially, the group concentrated its operations on targets within Asia, but in 2025, they expanded their focus to include European governmental organizations and a university in South Africa. Webworm is distinguished by its continuously evolving toolkit, including the development of custom backdoors that leverage legitimate communication services such as Discord and Microsoft Graph API for command and control. The group also utilizes GitHub repositories for staging malware and has been observed abusing compromised Amazon Web Services S3 buckets for data exfiltration and storing configurations. They employ a range of custom proxy solutions to establish and maintain hidden networks, showcasing a persistent effort to adapt their methods and evade detection.