Worok Hackers Target High-Profile Asian Companies and Governments

2022-09-06 12:29

High-profile companies and local governments located primarily in Asia are the subjects of targeted attacks by a previously undocumented espionage group dubbed Worok that has been active since late 2020.

"Worok's toolset includes a C++ loader CLRLoad, a PowerShell backdoor PowHeartBeat, and a C# loader PNGLoad that uses steganography to extract hidden malicious payloads from PNG files," ESET researcher Thibaut Passilly said in a new report published today.

Worok is said to share overlaps in tools and interests with another adversarial collective tracked as TA428, with the group linked to attacks against entities spanning energy, financial, maritime, and telecom sectors in Asia as well as a government agency in the Middle East and a private firm in southern Africa.

The Slovak cybersecurity firm assessed the group's goals to be aligned with information theft.

Among the tools in Worok's malware arsenal is a first-stage loader called CLRLoad, which is succeeded by a.NET-based steganographic loader codenamed PNGLoad that's capable of executing an unknown PowerShell script embedded in a PNG image file.

"Worok is a cyber espionage group that develops its own tools, as well as leveraging existing tools, to compromise its targets," Passilly said.

News URL

https://thehackernews.com/2022/09/worok-hackers-target-high-profile-asian.html

#hacker