Internet: Backdoor for Windows: Russian malware discovered



In cyber warfare, weapons that have not yet been discovered are particularly effective. Now Finnish security researchers have found a dangerous backdoor for Windows systems.

The security company WithSecure has discovered previously unknown malware that installs a virtual backdoor in certain Windows systems and makes them vulnerable to cyber attacks. The malware, codenamed “Kapeka”, could be linked to the Russian threat group “Sandworm”, which is operated by the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU), the Finnish company said.

“Sandworm” is particularly notorious for its destructive attacks against Ukraine. WithSecure’s findings were confirmed by Microsoft. The US software company tracks the malware under the name “KnuckleTouch”. Rüdiger Trost, security expert at WithSecure, viewed the discovery as a “big blow against Russia, which has used it as a back door in Ukraine and Eastern Europe.”

“With the revelation, the Russian secret service is now missing an important back door, because the loopholes that have now been set up will now be found and closed in a short time.” Russia is thus losing its effectiveness in the cyber war that accompanies the conventional Russia-Ukraine war, said Trost.

According to further information from WithSecure, the malware disguises itself as an extension (“add-in”) for Microsoft's word processor Word. The backdoor is not distributed on a mass scale, but rather in a very targeted manner. “The Kapeka backdoor (…) is likely a tailor-made tool used in limited-scale attacks,” said Mohammad Kazem Hassan Nejad, security researcher at WithSecure Intelligence. The attack tool has been used in Eastern Europe since mid-2022.

dpa
