Worok uses mix of publicly available tools, custom malware to steal info, gang active since 2020

A cyberespionage group has targeted government agencies and big-name corporations throughout Asia since at least 2020, using the notorious ProxyShell vulnerabilities in Microsoft Exchange to gain initial access.…