"Major blow"
Russian-controlled Windows malware discovered
The security company WithSecure has discovered previously unknown malware that installs a backdoor on certain Windows systems and leaves them open to further cyberattacks. The malware, codenamed "Kapeka", could be linked to the Russian threat group "Sandworm", which is operated by the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU), the Finnish company explained.
"Sandworm" is particularly notorious for its destructive attacks against Ukraine. WithSecure's findings were confirmed by Microsoft. The US software company lists the malware under the name "KnuckleTouch".
"Major blow against Russia"
Rüdiger Trost, security expert at WithSecure, described the discovery as a "major blow against Russia". With the discovery, the Russian secret service now lacks an important backdoor. "Because the loopholes that have now been created will be found and closed within a short space of time." Trost said that Russia was thus losing clout in the cyber war that accompanies the conventional Russia-Ukraine war.
Customized tool
According to further information from WithSecure, the malware disguises itself as an add-in for the Microsoft word processor Word. The backdoor is not distributed en masse, but in a very targeted manner. "The Kapeka backdoor (...) is probably a customized tool that is used in attacks with a limited scope," said Mohammad Kazem Hassan Nejad, security researcher at WithSecure Intelligence. The attack tool had been used in Eastern Europe since mid-2022.