Tag: Russian APT

Russian APT Deploys New ‘Kapeka’ Backdoor in Eastern European Attacks

Since at least mid-2022, a previously unreported "flexible" backdoor known as Kapeka has been "sporadically" seen in cyberattacks targeting Eastern Europe, particularly Estonia and Ukraine. The malware has been linked to the Russia-affiliated advanced persistent threat (APT) group known as Sandworm (also tracked as APT44 or Seashell Blizzard), according to research by Finnish cybersecurity company WithSecure. Microsoft tracks the same malware under the name KnuckleTouch. According to security expert Mohammad Kazem Hassan Nejad, "the malware […] is a flexible backdoor with all the necessary functionalities to serve as an early-stage toolkit for its operators and also to provide long-term access to the victim estate." A dropper built into Kapeka is intend...