
Researchers from ESET have recently identified targeted attacks that used previously unknown tools against several high-profile companies and local governments in Asia, the Middle East and Africa.

ESET attributes these attacks to Worok, a cyberespionage group it has only recently discovered.

According to ESET telemetry, Worok has been active since 2020 and remains active today. Targets spanned a range of sectors, including telecommunications, banking, maritime, energy, military, government and public services. In some cases, Worok gained initial access by exploiting the now-infamous ProxyShell vulnerabilities in Microsoft Exchange Server.

“We think the malware authors are after information from their victims since they target high-profile folks in Asia and Africa, targeting a variety of industries, both private and public, but with a particular emphasis on government organisations,” said ESET’s Thibaut Passilly, who discovered Worok.

At the beginning of 2021, Worok was targeting governments and businesses in several countries, including a telecom firm in East Asia, a bank in Central Asia and a maritime industry business in Southeast Asia.

Also targeted were the UN headquarters in Nairobi, 12 French schools, a government entity in the Middle East and a private firm in southern Africa.

“In every campaign that we analysed, the attackers were after information. The focus on high-profile entities in Asia and Africa suggests that the attackers may be selling the information they collect on the black market or using it for their own political or economic gain,” said Passilly.

ESET observed a significant drop in Worok activity between May 2021 and January 2022. The group returned in February 2022, however, targeting an energy company in Central Asia and a public sector entity in Southeast Asia.

According to ESET, Worok is a cyberespionage group that develops its own tools and also leverages existing tools to steal its victims' data. The group's custom toolkit includes two loaders, CLRLoad and PNGLoad, and the PowHeartBeat backdoor.

Organisations in the targeted sectors and regions are urged to remain alert to these attacks and to be aware of the risks they pose.
