Gruppo ECP Advpress Automationtoday AI DevwWrld CyberDSA Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit Gruppo ECP Advpress Automationtoday AI DevwWrld CyberDSA Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

Kapeka: the new cyber threat from Russia

Discovering and analyzing a new global cybersecurity challenge

The Kapeka backdoor, identified by WithSecure, is a threat to Windows, linked to the Sandworm group. It disguises itself as a Word add-in and handles malicious operations remotely.
This pill is also available in Italian language

Recently discovered by the Finnish company WithSecure, the Kapeka backdoor, also known as KnuckleTouch by Microsoft, has a significant impact on Windows operating systems. This cyber threat, linked to the Russian-affiliated Sandworm APT group, operates mainly in Eastern Europe, with attacks recorded in Estonia and Ukraine since mid-2022. Kapeka is characterized by its versatility, being capable of acting both as an initial tool for cyber-attacks and as persistent remote access to victims' assets.

Technical details and use of Kapeka in cyber attacks

The Kapeka backdoor is implemented as a Windows DLL written in C++, featuring advanced command and control (C2) functionality. This malicious module disguises itself as an add-in for Microsoft Word to avoid detection, executing multi-threaded operations to effectively handle commands received from the C2 server. Its capabilities include reading and writing files, executing shell commands, and self-management through updates or autonomous uninstallation, thus increasing its stealth and efficiency in cyber espionage attacks or ransomware distribution.

Relationships between Kapeka and other malware families

WithSecure highlighted links between Kapeka and other well-known malware families such as GreyEnergy and BlackEnergy, indicating a possible evolution within Sandworm's strategy. Furthermore, a similarity in attack techniques was observed linking Kapeka to recent ransomware campaigns, such as that of Prestige. These associations suggest that Sandworm's arsenal is continually evolving, refining existing tools or developing new ones to increase the effectiveness of attacks.

Tips for protecting against the Kapeka threat

Microsoft has detected the use of "living-off-the-land" techniques, such as using the certutil utility to recover the dropper from compromised websites, emphasizing the importance of a proactive strategy in cybersecurity. It is essential to keep systems updated and conduct regular checks on codes and configurations. Promoting security awareness within organizations is crucial to mitigating the risk of infection from malware like Kapeka and protecting sensitive data and critical infrastructure.

Follow us on Facebook for more pills like this

04/23/2024 18:26

Marco Verro

Last pills

Hidden vulnerability in Asus motherboards revealed by a New Zealand programmerCritical vulnerability discovered in DriverHub local server that allows malicious code to be executed with admin privileges, risks expanded on Asus desktops, laptops and motherboards

AnyProxy proxy network taken down: new era for global SOCKS botnet securityLearn how international collaboration and artificial intelligence are revolutionizing the fight against SOCKS botnets and ensuring more effective security for corporate networks

Cybersecurity of electricity grids: how cyber attacks are putting energy at risk in EuropeHow cyberattacks threaten energy security in Europe: techniques, consequences and innovative strategies to defend electricity grids

Google Drive blocked: the challenges of Piracy Shield and the implications of accidental lockdownHow a simple technical error blocked Google Drive in Italy, highlighting the critical issues in a fight against piracy involving tech giants and national institutions