[MART] - Daily Diary #589 - Worok Targets High-Profile Entities

ctas-mat at appgate.com ctas-mat at appgate.com
Tue Sep 6 22:47:11 UTC 2022


I hope everyone is doing well!

Below is the entry for today.

09/06/2022 - Diary entry #589:

Recently, a previously unknown cyber espionage group active since at least 2020 and tracked as "Worok" was observed attacking multiple high-profile targets using undocumented tools. Worok has been targeting telecommunications, banking, maritime, and energy companies, as well as the military, government, and public sector entities in Asia, Africa, and the Middle East.

Named Worok after a mutex found in a loader, this group was then linked to more activity with variants of the same tools used by the China-linked TA428 APT group (a.k.a. Colourful Panda, BRONZE DUDLEY – mentioned on Daily Diary #254). Worok's malicious toolkit includes two loaders, a C++ loader known as CLRLoad and a C# loader called PNGLoad that help attackers hide malware payloads in PNG image files using steganography.

Although the group used ProxyShell exploits to gain initial access to their victims' networks, the initial access vector remains unknown for most of their breaches. For this reason, it is important to take into account its level of danger, since Worok develops its own tools and takes advantage of existing tools.

Kind Regards,


[https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png]<https://www.linkedin.com/company/appgate-security/>     [https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png] <https://twitter.com/AppgateSecurity>   [https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png] <https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ>


Malware Analysis and Research Team


E: ctas-mat at appgate.com<mailto:ctas-mat at appgate.com>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/mart/attachments/20220906/e8db6e60/attachment.htm>

More information about the MART mailing list