Kapeka

Malware Profile Updated 2 days ago
Kapeka is a previously unknown backdoor malware linked to the Russian Advanced Persistent Threat (APT) group known as Sandworm. Discovered in 2022, Kapeka has been used in attacks against Eastern Europe, particularly targeting water supply facilities. The malware operates as a Windows DLL with a single exported function, a design that helps it run on compromised systems without being detected. This stealthy approach has enabled it to compromise at least three supply chains across Ukraine, according to Kyiv's primary incident response team.

The cybersecurity firm WithSecure noticed overlaps between Kapeka and other malicious programs such as GreyEnergy and the Prestige ransomware. These connections further solidify the attribution of Kapeka to the Sandworm APT group, which is known for its disruptive cyber operations. The backdoor's sophisticated design and deployment suggest a high level of technical capability on the part of the threat actors involved.

Despite its relative novelty, Kapeka has already had significant impacts. In one notable instance, a French hospital was forced to reschedule procedures following a cyberattack. As a result of these ongoing threats, cybersecurity teams worldwide are working to understand Kapeka better and develop effective countermeasures. The discovery of this new backdoor underscores the evolving nature of cyber threats and the importance of robust cybersecurity defenses.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
ID | Votes | Profile Description
Prestige | 2 | Prestige is a type of malware attributed to the Russia-linked Advanced Persistent Threat (APT) group, Sandworm. This malicious software was used in ransomware attacks against Ukrainian and Polish logistics companies in October 2022. The deployment of Prestige coincided with reported instances of ran
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Dropper
Malware
Vulnerability
Apt
Windows
Associated Malware
ID | Type | Votes | Profile Description
BlackEnergy | is related to | 4 | BlackEnergy is a potent malware toolkit that has been utilized by criminal and Advanced Persistent Threat (APT) actors since 2007. Its destructive capabilities were notably demonstrated in Ukraine where it was used for cyber-espionage, compromising industrial control systems, and launching attacks a
GreyEnergy | is related to | 3 | GreyEnergy is a type of malware, or malicious software, designed to exploit and damage computer systems. It is believed to have been used in attacks on Ukraine's power grid in 2018 by the Russia-linked Advanced Persistent Threat (APT) group, Sandworm. Security firm WithSecure has identified overlaps
Prestige Ransomware | Unspecified | 2 | The Prestige ransomware is a type of malware that had not been observed by Microsoft prior to its deployment. It is a malicious software designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. Once inside a system, it can steal personal
Associated Threat Actors
ID | Type | Votes | Profile Description
Sandworm | is related to | 3 | Sandworm is a threat actor, often linked to Russia, known for its high-profile cyber attacks. The group gained notoriety for compromising 11 Ukrainian telecommunications providers and infiltrating Ukraine's telecom giant Kyivstar for months. In addition, Sandworm was responsible for disrupting power
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Kapeka malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
Securityaffairs | a month ago | Previously unknown Kapeka backdoor linked to Sandworm APT
BankInfoSecurity | a month ago | Likely Sandworm Hackers Using Novel Backdoor 'Kapeka'
DARKReading | a month ago | Dangerous New ICS Malware Targets Orgs in Russia and Ukraine
Securityaffairs | a month ago | Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | a month ago | Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
BankInfoSecurity | a month ago | Breach Roundup: LabHost Phishing-as-a-Service Site Goes Down
BankInfoSecurity | a month ago | Ukrainian Energy Sector Under Cyber Siege by Russian Hackers
Securityaffairs | 23 days ago | Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
BankInfoSecurity | a month ago | Breach Roundup: LabHost Goes Down
Securityaffairs | 2 days ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION