New Russian Intelligence Malware, “Kapeka,” Detected

Malware developed by a group linked to Russian intelligence has been detected in Estonia. The program is also believed to target Ukraine and other Eastern European countries.

Russian intelligence continues to infiltrate European networks. On April 17, the cybersecurity company WithSecure revealed on its blog the existence of new malware attributed to Russian intelligence and called “Kapeka”. It is described as a backdoor, a hidden entry point designed to provide discreet access to targeted computers, in order to spy on them or install other malicious programs. There is a good chance that previous versions of this backdoor have been used to deploy ransomware.


Kapeka was first discovered in mid-2023 in the system of an Estonian company. Information about this threat has been shared with Tallinn.

“We noticed that this type of backdoor was quite rare. Tracing our research and that of the Microsoft teams, we noticed scripts similar to programs used by Sandworm, a group linked to Russian intelligence, to deploy ransomware on logistics companies in Poland and Ukraine,” explains Mohammad Kazem Hassan Nejad, researcher at WithSecure.

Why deploy ransomware, which is commonly used by cybercriminals to paralyze systems and demand ransoms? “Sandworm is known for its destructive attacks. Rather than launching wipers, software programmed to destroy everything, intelligence-linked hackers cast doubt on their identity by using cybercriminal tools,” comments the cyber specialist.

Sandworm members wanted by the FBI. // Source: FBI

Sandworm is behind historic cyberattacks, such as those against the Ukrainian energy network, the Winter Olympics in South Korea, and spying on the International Criminal Court.


The same types of cyberattacks found in Ukraine

Once deployed, this backdoor collects information about the infected machine and its user. It can also launch other programs and update its own features, allowing the attackers to first infect a series of targets and only deploy a more complete version if the victim is deemed high value.

According to the report, the development of Kapeka follows the ongoing war in Ukraine, “where victims were detected”. The backdoor has likely already been used in destructive attacks, including against companies in Central and Eastern Europe, which have been heavily targeted by Russian intelligence since the February 2022 invasion of Ukraine.
