New Worok cyber-espionage group targets governments, high-profile firms
A newly discovered cyber-espionage group has been hacking governments and high-profile companies in Asia since at least 2020 using a combination of custom and existing malicious tools.
The threat group, tracked as Worok by the ESET security researchers who first spotted it, has also attacked targets in Africa and the Middle East.
To date, Worok has been linked to attacks against telecommunications, banking, maritime, and energy companies, as well as military, government, and public sector entities.
In late 2020, Worok targeted a telecommunications company in East Asia, a bank in Central Asia, a maritime industry company in Southeast Asia, a government entity in the Middle East, and a private company in southern Africa.
The group was not sighted again until February 2022; ESET has once again linked it to new attacks against an energy company in Central Asia and a public sector entity in Southeast Asia.
While ESET is yet to retrieve one of the final payloads delivered in the group's attacks, it did spot a new PowerShell backdoor dubbed PowHeartBeat, which replaced CLRLoad in incidents observed since February 2022 as the tool designed to launch PNGLoad on compromised systems.