Alleged Word add-in: Russian malware discovered for Windows

As of: April 17, 2024, 7:34 a.m.

Russia is increasingly preparing for cyber attacks against the West. Now Finnish experts have discovered a new dangerous backdoor for Windows systems that is apparently controlled by Russian intelligence.

The Finnish security company WithSecure says it has discovered a new type of malware that is being used as a backdoor for attacks on certain Windows systems. The malware, which IT security experts have dubbed “Kapeka,” could give the attackers long-term access to the victim’s system.

The security company attributes the malware to the Russian cyberattack group “Sandworm,” which is operated by the headquarters of the Russian Military Intelligence Service (GRU). “Sandworm” is particularly notorious for its destructive attacks against Ukraine.

Microsoft confirms the existence of the malware

WithSecure’s findings were confirmed by Microsoft. The US software company tracks the malware under the name “KnuckleTouch”.

Rüdiger Trost, security expert at WithSecure, viewed the discovery as a “big blow against Russia, which has used this back door in Ukraine and Eastern Europe.” “With the revelation, the Russian secret service is now missing an important back door, because the loopholes that have now been set up will now be found and closed in a short time.” Russia is thus losing its effectiveness in the cyber war that accompanies the conventional Russia-Ukraine war, said Trost.

Targeted and tailor-made tool

According to further information from WithSecure, the malware disguises itself as an extension (“add-in”) for the Microsoft word processor Word. The backdoor is not distributed on a mass scale, but rather in a very targeted manner. “The ‘Kapeka’ backdoor (…) is likely a tailor-made tool used in limited-scale attacks,” said Mohammad Kazem Hassan Nejad, security researcher at WithSecure Intelligence.

The attack tool has been used in Eastern Europe since mid-2022.