By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Security Parrot - Cyber Security News, Insights and ReviewsSecurity Parrot - Cyber Security News, Insights and Reviews
Notification
Latest News
Malicious WhatsApp spreads through legitimate applications
October 16, 2022
Scammers fake Windows problems, forcing users to call them back
October 15, 2022
Another 0-day bug has been found in Microsoft Exchange, and LockBit ransomware operators are exploiting it
October 15, 2022
Microsoft has fixed more than 80 vulnerabilities, but there are still no patches for ProxyNotShell
October 14, 2022
Roskomnadzor regularly updates the list of blocked VPN services
October 14, 2022
Aa
  • News
  • Tutorials
  • Security InsiderComing Soon
  • Expert InsightComing Soon
Reading: Worok hacking group targets Asian governments and companies
Share
Security Parrot - Cyber Security News, Insights and ReviewsSecurity Parrot - Cyber Security News, Insights and Reviews
Aa
Search
  • News
  • Tutorials
  • Security InsiderComing Soon
  • Expert InsightComing Soon
Follow US
Security Parrot - Cyber Security News, Insights and Reviews > News > Worok hacking group targets Asian governments and companies
News

Worok hacking group targets Asian governments and companies

Last updated: 2022/09/08 at 4:43 PM
Security Parrot Editorial Team Published September 9, 2022
Share
SHARE

ESET analysts have discovered the Worok cyber-espionage group, which has been active since at least 2020. These hackers mainly attack government agencies and well-known companies in Asian countries, but sometimes organizations from Africa and the Middle East become their targets.

To date, Worok has been linked to attacks on telecommunications, banking, maritime and energy companies, as well as military, government and public organizations. For example, in late 2020, Worok attacked an unnamed telecommunications company in East Asia, a bank in Central Asia, a shipping company in Southeast Asia, a government agency in the Middle East, and a private company in southern Africa, according to researchers.

Now, ESET is crediting the group with new attacks on an energy company in Central Asia and a public sector organization in Southeast Asia.

“We believe that malware operators are hunting for the information of their victims because they focus on large organizations in Asia and Africa and attack various sectors, both private and public, but place a special emphasis on government structures,” the experts write.

While hackers have occasionally used exploits for the ProxyShell issue to gain initial access to their victims’ networks, in general the initial penetration vector remains unknown for most incidents.

“As a rule, after the exploitation of vulnerabilities, web shells were loaded in order to gain a foothold in the victim’s network. The attackers then used various implants to gain additional capabilities, ”the report says.

The Worok malware toolkit includes two loaders: a C++ loader known as CLRLoad, and a C# loader called PNGLoad, which helps attackers hide payloads in PNG image files using steganography.

Although ESET experts have not yet studied the final payloads of the group, during the investigation of the attacks, they discovered a new PowerShell backdoor, which they called PowHeartBeat. Since February 2022, it has replaced CLRLoad and is now used as a tool designed to run PNGLoad on compromised systems.

PowHeartBeat has a wide range of capabilities, including manipulating files, executing commands and processes, and uploading and downloading files to or from victims’ devices.

“Although our visibility is limited for now, we hope that by shedding light on this group, we will encourage other researchers to share information about Worok,” ESET experts summarize.

According to the researchers, Worok may be associated with the Chinese hack group TA428, but experts are not yet completely sure about this.

Weekly Updates For Our Loyal Readers!

Security Parrot Editorial Team September 9, 2022
Share this Article
Facebook Twitter Email Copy Link Print

Archives

  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020

You Might Also Like

News

Malicious WhatsApp spreads through legitimate applications

October 16, 2022
News

Scammers fake Windows problems, forcing users to call them back

October 15, 2022
News

Another 0-day bug has been found in Microsoft Exchange, and LockBit ransomware operators are exploiting it

October 15, 2022
News

Microsoft has fixed more than 80 vulnerabilities, but there are still no patches for ProxyNotShell

October 14, 2022

© 2022 Parrot Media Network. All Rights Reserved.

  • Home
  • Parrot Media Group
  • Privacy Policy
  • Terms and Conditions
Join Us!

Subscribe to our newsletter and never miss our latest news, podcasts etc..

Zero spam, Unsubscribe at any time.

Removed from reading list

Undo
Go to mobile version
Welcome Back!

Sign in to your account

Lost your password?