"New Worok Cyber-Espionage Group Targets Governments, High-Profile Firms"
Since at least 2020, a newly discovered cyber-espionage group has been hacking governments and high-profile companies in Asia with a combination of custom and existing malicious tools. Worok, the threat group discovered by ESET security researchers, has also attacked targets in Africa and the Middle East. Worok has so far been linked to attacks on telecommunications, banking, maritime, and energy companies, as well as military, government, and public sector organizations.

Worok targeted an East Asian telecommunications company, a Central Asian bank, a Southeast Asian maritime industry company, a Middle Eastern government entity, and a private company in southern Africa by late 2020. While there have been no sightings since February 2022, ESET has linked the group to new attacks against a Central Asian energy company and a public sector entity in Southeast Asia. Researchers believe the malware operators are looking for information from their victims because they target high-profile entities in Asia and Africa, going after various sectors, both private and public, but with a particular emphasis on government entities.

Although the group has used ProxyShell exploits to gain initial access to its victims' networks, the initial access vector for most of its breaches is unknown. Worok's malicious toolset includes two loaders: CLRLoad, a C++ loader, and PNGLoad, a C# loader that helps attackers hide malware payloads in PNG image files using steganography. This article continues to discuss the targets, tools, and tactics of the Worok cyber-espionage group.
Bleeping Computer reports "New Worok Cyber-Espionage Group Targets Governments, High-Profile Firms"