One Article Review
| Source |  RiskIQ |
|---|---|
| Identifiant | 8487526 |
| Date de publication | 2024-04-23 16:31:06 (vue: 2024-04-23 17:08:00) |
| Titre | KAPEKA: Un roman de porte dérobée repérée en Europe de l'Est Kapeka: A Novel Backdoor Spotted in Eastern Europe |
| Texte | #### Géolocations ciblées
- Ukraine
- Estonie
- L'Europe de l'Est
## Instantané
WithSeCure a publié des recherches sur une porte dérobée appelée "Kapeka", suivie par Microsoft comme "Knuckletouch", utilisée dans les attaques en Europe de l'Est depuis la mi-2022.Kapeka fonctionne comme une porte dérobée polyvalente, offrant à la fois des capacités initiales de boîte à outils et un accès à long terme aux victimes.Sa sophistication suggère une implication par un groupe APT.Withsecure relie Kapeka à Sandworm, suivi par Microsoft en tant que Seashell Blizzard, un groupe de menaces russes de l'État-nation russe associé au GRU connu pour ses attaques destructrices en Ukraine.
**Microsoft tracks Sandworm as Seashell Blizzard.** [Read more about Seashell Blizzard here.](https://sip.security.microsoft.com/intel-profiles/cf1e406a16835d56cf614430aea3962d7ed99f01ee3d9ee3048078288e5201bb)
** Microsoft suit Kapeka comme Knuckletouch.** [En savoir plus sur Knuckletouch ici.] (Https: // sip.security.microsoft.com/intel-profiles/cdbe72d9f5f1ee3b3f8cd4e78a4a07f76addafdcc656aa2234a8051e8415d282)
## Description
Kapeka chevauche WIth Greynergy et Prestige Ransomware Attacks, tous attribués à Sandworm.Withsecure évalue qu'il est probable que Kapeka soit un ajout récent à l'arsenal de Sandworm \\.Le compte-gouttes du malware \\ installe la porte dérobée, collectionne la machine et les informations utilisateur pour l'acteur de menace.Cependant, la méthode de la distribution de Kapeka \\ reste inconnue.
L'émergence de Kapeka \\ coïncide avec le conflit de Russie-Ukraine, suggérant des attaques ciblées à travers l'Europe centrale et orientale depuis 2022. Il peut être impliqué dans le déploiement de ransomware de prestige à la fin de 2022. Kapeka est spéculé pour succéder à Greyenergy dans Sandworm \\Toolkit de, en remplacement éventuellement de BlackEnergy.
## Les références
[https://labs.withsecure.com/publications/kapeka
#### Targeted Geolocations - Ukraine - Estonia - Eastern Europe ## Snapshot WithSecure has published research about a backdoor called "Kapeka," tracked by Microsoft as "KnuckleTouch," used in attacks in Eastern Europe since mid-2022. Kapeka functions as a versatile backdoor, providing both initial toolkit capabilities and long-term access to victims. Its sophistication suggests involvement by an APT group. WithSecure links Kapeka to Sandworm, tracked by Microsoft as Seashell Blizzard, a notorious Russian nation-state threat group associated with the GRU known for destructive attacks in Ukraine. **Microsoft tracks Sandworm as Seashell Blizzard.** [Read more about Seashell Blizzard here.](https://sip.security.microsoft.com/intel-profiles/cf1e406a16835d56cf614430aea3962d7ed99f01ee3d9ee3048078288e5201bb) **Microsoft tracks Kapeka as KnuckleTouch. **[Read more about Knuckletouch here.](https://sip.security.microsoft.com/intel-profiles/cdbe72d9f5f1ee3b3f8cd4e78a4a07f76addafdcc656aa2234a8051e8415d282) ## Description Kapeka overlaps with GreyEnergy and Prestige ransomware attacks, all attributed to Sandworm. WithSecure assesses it\'s likely that Kapeka is a recent addition to Sandworm\'s arsenal. The malware\'s dropper installs the backdoor, collecting machine and user information for the threat actor. However, the method of Kapeka\'s distribution remains unknown. Kapeka\'s emergence coincides with the Russia-Ukraine conflict, suggesting targeted attacks across Central and Eastern Europe since 2022. It may have been involved in the deployment of Prestige ransomware in late 2022. Kapeka is speculated to succeed GreyEnergy in Sandworm\'s toolkit, possibly replacing BlackEnergy. ## References [https://labs.withsecure.com/publications/kapeka](https://labs.withsecure.com/publications/kapeka) |
| Envoyé | Oui |
| Condensat | #### **microsoft 2022 about access across actor addition all apt arsenal assesses associated attacks attributed backdoor been blackenergy blizzard both called capabilities central coincides collecting com/intel com/publications/kapeka conflict deployment description destructive distribution dropper eastern emergence estonia europe functions geolocations greyenergy group gru has have here however https://labs https://sip information initial installs involved involvement its kapeka kapeka: known knuckletouch late likely links long machine malware may method microsoft mid more nation notorious novel overlaps possibly prestige profiles/cdbe72d9f5f1ee3b3f8cd4e78a4a07f76addafdcc656aa2234a8051e8415d282 profiles/cf1e406a16835d56cf614430aea3962d7ed99f01ee3d9ee3048078288e5201bb providing published ransomware read recent references remains replacing research russia russian sandworm seashell security since snapshot sophistication speculated spotted state succeed suggesting suggests targeted term threat toolkit tracked tracks ukraine unknown used user versatile victims withsecure ** |
| Tags | Ransomware Malware Threat |
| Stories | |
| Notes | ★★★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.