Worok Targeting Governments and Companies in Asia

Researchers from ESET disclosed Worok, a cyber espionage group, last month. Worok has used covert tooling to penetrate several high-profile companies and local governments in Asia, the Middle East, and Africa.

According to ESET’s experts, Worok has been active since 2020 and remains active today. It primarily targets organisations in the public, military, government, banking, shipping, energy, and telecommunications sectors. In late 2020, Worok’s operators gained access to a number of victims.

According to Worok’s discoverer, ESET researcher Thibaut Passilly, “we believe the malware operators are after information from their victims because they focus on high-profile entities in Asia and Africa, targeting various sectors, both public and private, but with a particular emphasis on government.”

Researchers found that Worok’s activity resurfaced in February 2022, targeting a public-sector organisation in Southeast Asia and an energy company in Central Asia. This followed a protracted lull in recorded activity that lasted from May 2021 to January 2022.

The group builds its own tools and also makes use of existing ones to breach its targets. Its custom toolkit consists of PowHeartBeat, a steganography loader, CLRLoad, and PNGLoad. These tools are used to rebuild malicious payloads that have been steganographically concealed in PNG images. This implies that a PNG image is delivered to the victim and, when it is opened, their system is compromised. Once deployed, the tooling can move, rename, and delete files, return file metadata (location, size, creation time, and content), and upload and download files.
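As an added illustration that is not from ESET or the article: one triage check a defender can run over PNG files collected from a suspect host is the pairs-of-values chi-square test, which flags images whose least-significant-bit plane has been overwritten with (encrypted) payload bits. The code below is stdlib-only and assumes non-interlaced 8-bit RGB/RGBA PNGs and full-capacity LSB replacement; the exact embedding scheme Worok's loaders use is not described on this page, and the sample images are constructed here.

```python
import random, struct, zlib

def png_pixels(data):
    """Decode a non-interlaced 8-bit RGB/RGBA PNG (stdlib only) into raw channel bytes."""
    assert data[:8] == b"\x89PNG\r\n\x1a\n", "not a PNG"
    pos, idat, width, height, bpp = 8, b"", 0, 0, 0
    while pos < len(data):  # chunk layout: 4-byte length, 4-byte type, data, 4-byte CRC
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        if ctype == b"IHDR":
            width, height, depth, colour, _, _, interlace = struct.unpack(">IIBBBBB", body)
            assert depth == 8 and colour in (2, 6) and interlace == 0, "unsupported layout"
            bpp = 3 if colour == 2 else 4
        elif ctype == b"IDAT":
            idat += body
        pos += 12 + length
    raw, stride, out = zlib.decompress(idat), width * bpp, bytearray()
    for row in range(height):  # undo the per-scanline filter: None/Sub/Up/Average/Paeth
        start, base = row * (stride + 1), (row - 1) * stride
        ftype, line = raw[start], bytearray(raw[start + 1:start + 1 + stride])
        for i in range(stride):
            a = line[i - bpp] if i >= bpp else 0  # left neighbour
            b, c = (out[base + i], out[base + i - bpp] if i >= bpp else 0) if row else (0, 0)  # above, above-left
            p = a + b - c
            pa, pb, pc = abs(p - a), abs(p - b), abs(p - c)
            paeth = a if pa <= pb and pa <= pc else (b if pb <= pc else c)
            line[i] = (line[i] + (0, a, b, (a + b) // 2, paeth)[ftype]) & 0xFF
        out += line
    return bytes(out)

def pov_chi_square(samples):
    """Pairs-of-values chi-square (Westfeld/Pfitzmann): LSB embedding equalises each (2k, 2k+1) bin pair."""
    hist = [0] * 256
    for s in samples:
        hist[s] += 1
    pairs = [(hist[2 * k], (hist[2 * k] + hist[2 * k + 1]) / 2) for k in range(128)]
    return sum((n - e) ** 2 / e for n, e in pairs if e)  # near zero => LSB plane looks overwritten

def build_png(rgb, width, height):
    """Constructed sample only: wrap raw RGB bytes as a filter-type-0 PNG."""
    chunk = lambda t, b: struct.pack(">I", len(b)) + t + b + struct.pack(">I", zlib.crc32(t + b))
    rows = b"".join(b"\x00" + rgb[r * width * 3:(r + 1) * width * 3] for r in range(height))
    return (b"\x89PNG\r\n\x1a\n" + chunk(b"IHDR", struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0))
            + chunk(b"IDAT", zlib.compress(rows)) + chunk(b"IEND", b""))

# Constructed inputs: a grey ramp, and the same ramp with its LSB plane overwritten by pseudo-random bits
# (what an encrypted payload hidden by LSB steganography looks like statistically).
W = H = 64
CLEAN = build_png(bytes(2 * ((x + y) % 128) for y in range(H) for x in range(W) for _ in range(3)), W, H)
BITS = random.Random(1).getrandbits(W * H * 3)
STEGO = build_png(bytes((b & 0xFE) | (BITS >> i & 1) for i, b in enumerate(png_pixels(CLEAN))), W, H)
```

A real triage run would compare the statistic against a baseline from known-clean images of the same source; the threshold is not universal.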

Passilly stated, “While our exposure at this time is limited, we believe that bringing this group’s notice would encourage other academics to contribute to the body of information regarding this group.”
