Kapeka: Sandworm's new spy tool attacks Europe

Father

Researchers believe that the malware is the successor to GreyEnergy and BlackEnergy.

Finnish cybersecurity company WithSecure has published research on a previously undocumented backdoor it calls Kapeka. According to WithSecure, the malware has been used in attacks in Central and Eastern Europe since at least mid-2022.

The researchers attribute Kapeka to the Sandworm group and describe it as a tool built for espionage. The backdoor gives the operators long-term access to compromised systems and collects information about the infected device and its users.

WithSecure's analysis also links Kapeka to the deployment of the Prestige ransomware, which targeted the transport and logistics sector. The backdoor can perform a range of tasks on the host, including reading files, executing commands, and loading additional functionality to extend itself.

The researchers further connect Kapeka to other Sandworm tooling and consider it a likely successor to the well-known GreyEnergy and BlackEnergy malware families, which were previously used in attacks on energy systems.

WithSecure first identified Kapeka in the middle of last year while analyzing an attack on a logistics company in Estonia that took place at the end of 2022. The same malware was also confirmed in attacks in Poland and Ukraine.

Microsoft had earlier documented a similar backdoor under the name KnuckleTouch, with activity starting around the same time. WithSecure has confirmed that KnuckleTouch and Kapeka are the same malware.

At present, the initial distribution method for Kapeka, the full scope of the operators' actions, and their objectives remain unclear because of limited data. Whether the developers will release updated versions of the tool or build new tools with similar capabilities remains to be seen.