"Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks"

Since mid-2022, a previously unknown backdoor called "Kapeka" has been used in cyberattacks targeting Eastern Europe, including Estonia and Ukraine. WithSecure attributes the malware to the Russia-linked Advanced Persistent Threat (APT) group "Sandworm," also tracked as APT44 and Seashell Blizzard. According to security researcher Mohammad Kazem Hassan Nejad, the malware serves as an early-stage toolkit for its operators and also provides long-term access to compromised systems. Kapeka includes a dropper that launches and executes a backdoor component on the infected host. The dropper also establishes persistence for the backdoor, either through a scheduled task or an autorun registry key, depending on whether the process is running with SYSTEM privileges. This article continues to discuss findings regarding the Kapeka backdoor. 
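The persistence choice described above (scheduled task when the dropper has SYSTEM privileges, autorun registry key otherwise) is worth checking for on any host you suspect. The PowerShell script below is an added hunting example, not code from the THN article or the WithSecure report, and it carries no Kapeka indicators: it enumerates Run/RunOnce keys and scheduled task actions, records which principal each entry runs as, and flags executables that live under directories an unprivileged user can normally write to. That directory list is a heuristic assumption; adjust it to your environment.

```powershell
# Added hunting example (not from the article or the WithSecure report).
# Lists Run/RunOnce autoruns and scheduled task exec actions, flagging any whose
# executable sits under a user-writable root. Run from an elevated prompt so
# Get-ScheduledTask can see every task and HKLM is readable.

# Heuristic assumption: roots an unprivileged user can typically write to.
$UserWritableRoots = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:PUBLIC, $env:ProgramData) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\').ToLowerInvariant() }

function Test-UserWritablePath {
    param([string]$Path)
    if ([string]::IsNullOrWhiteSpace($Path)) { return $false }
    $p = [Environment]::ExpandEnvironmentVariables($Path).ToLowerInvariant()
    foreach ($root in $UserWritableRoots) {
        if ($p.StartsWith($root + '\')) { return $true }
    }
    return $false
}

# Pull the executable out of a Run-key command line: "quoted path" args | path args
function Get-CommandExecutable {
    param([string]$CommandLine)
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($CommandLine.Trim() -split '\s+')[0]
}

function Get-RunKeyEntries {
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        # HKCU entries run as the interactive user; HKLM entries run for any logon.
        $runsAs = if ($key -like 'HKCU:*') { $env:USERNAME } else { 'any logon' }
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            [pscustomobject]@{
                Source     = 'RunKey'
                RunsAs     = $runsAs
                Suspicious = Test-UserWritablePath (Get-CommandExecutable $cmd)
                Location   = "$key\$name"
                Command    = $cmd
            }
        }
    }
}

function Get-ScheduledTaskEntries {
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            # Only exec actions carry an Execute path; COM-handler actions are skipped here.
            if (-not $action.Execute) { continue }
            $exe = $action.Execute.Trim('"')
            [pscustomobject]@{
                Source     = 'ScheduledTask'
                RunsAs     = $task.Principal.UserId
                Suspicious = Test-UserWritablePath $exe
                Location   = "$($task.TaskPath)$($task.TaskName)"
                Command    = ("$exe $($action.Arguments)").Trim()
            }
        }
    }
}

$findings = @(Get-RunKeyEntries) + @(Get-ScheduledTaskEntries)
$findings | Sort-Object -Property Suspicious -Descending |
    Format-Table -Property Source, RunsAs, Suspicious, Location, Command -AutoSize -Wrap
```

A scheduled task whose principal is SYSTEM but whose executable lives under a user-writable path is the combination to look at first; a Run key pointing into the same kind of path is the lower-privilege counterpart. The HKCU keys only cover the account running the script, so for other logged-on profiles enumerate the corresponding keys under HKU:\ as well, and treat the writable-root list as a starting point rather than a verdict.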

THN reports "Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks"

Submitted by grigby1
