
Kapeka: the new cyber threat from Russia

Discovering and analyzing a new global cybersecurity challenge

The Kapeka backdoor, identified by WithSecure, is a threat to Windows, linked to the Sandworm group. It disguises itself as a Word add-in and handles malicious operations remotely.


Recently discovered by the Finnish company WithSecure, the Kapeka backdoor, which Microsoft tracks as KnuckleTouch, targets Windows operating systems. This cyber threat, attributed to the Russia-affiliated Sandworm APT group, has been used mainly in Eastern Europe, with attacks recorded in Estonia and Ukraine since mid-2022. Kapeka is notable for its versatility: it can serve both as an initial access tool at the start of an intrusion and as a persistent remote-access foothold on victims' assets.

Technical details and use of Kapeka in cyber attacks

The Kapeka backdoor is implemented as a Windows DLL written in C++ with full command-and-control (C2) functionality. To evade detection, the module masquerades as a Microsoft Word add-in, and it runs multi-threaded so that it can handle several commands from the C2 server at once. Its capabilities include reading and writing files, executing shell commands, and managing itself through updates or self-uninstallation, which increases its stealth and makes it effective both in cyber-espionage operations and as a delivery vehicle for ransomware.

Relationships between Kapeka and other malware families

WithSecure highlighted links between Kapeka and other well-known malware families such as GreyEnergy and BlackEnergy, indicating a possible evolution within Sandworm's toolset. Furthermore, similarities in attack techniques were observed that connect Kapeka to recent ransomware campaigns, such as the Prestige ransomware campaign. These associations suggest that Sandworm's arsenal is continually evolving, with existing tools refined or new ones developed to increase the effectiveness of attacks.

Tips for protecting against the Kapeka threat

Microsoft has observed the use of "living-off-the-land" techniques, such as abusing the built-in certutil utility to retrieve the dropper from compromised websites, which underlines the importance of a proactive cybersecurity strategy. It is essential to keep systems updated and to conduct regular reviews of code and configurations. Promoting security awareness within organizations is crucial to mitigating the risk of infection by malware like Kapeka and to protecting sensitive data and critical infrastructure.


04/23/2024 18:26

Editorial AI
