Kapeka

Malware Profile Updated 12 days ago
Kapeka is a previously undocumented Windows backdoor that WithSecure disclosed in April 2024 and attributed, with medium confidence, to the Russian state-linked Sandworm Advanced Persistent Threat (APT) group. It had been used in intrusions against targets in Eastern Europe, including Ukraine and Estonia, since at least mid-2022. Kapeka is delivered by a dropper that writes the backdoor DLL to disk, establishes persistence (a scheduled task or an autorun registry entry, depending on the privileges it runs with) and then deletes itself; the backdoor itself is a DLL with a single exported function that is launched via rundll32, fingerprints the infected host, and talks to its command-and-control (C2) server over HTTPS with encrypted message contents. Its task set is that of a flexible early-stage implant rather than a specialised payload: run commands and executables, read and write files, update its own configuration and binary, and uninstall itself. WithSecure found conceptual overlaps with GreyEnergy, the presumed successor to BlackEnergy, and assessed that Kapeka was likely used in the intrusions that led to the Prestige ransomware deployments against Ukrainian and Polish logistics firms in late 2022. The small number of sightings and the care taken to limit forensic artefacts point to a bespoke tool reserved for a limited set of victims, so defenders should weight host-level detection (rundll32 loading a DLL from a user-writable path, newly created scheduled tasks or Run-key entries, unexpected outbound HTTPS from such a process) over generic anti-phishing advice. Cybersecurity researchers continue to analyse the backdoor to refine detection and countermeasures.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Prestige | 2 | Prestige is a type of malware attributed to the Russia-linked Advanced Persistent Threat (APT) group, Sandworm. This malicious software was used in ransomware attacks against Ukrainian and Polish logistics companies in October 2022. The deployment of Prestige coincided with reported instances of ran
Sandworm Apt | 1 | The Sandworm Advanced Persistent Threat (APT) group, a threat actor believed to be linked to Russia, has been identified as a significant cybersecurity concern. This entity has displayed malicious intent and demonstrated its capacity to execute sophisticated cyber-attacks. The naming convention "San
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Apt
Windows
Dropper
Vulnerability
Malware
Ransomware
Encryption
Russia
Ukraine
Zero Day
Exploit
Phishing
Associated Malware
ID | Type | Votes | Profile Description
BlackEnergy | is related to | 4 | BlackEnergy is a potent malware toolkit that has been utilized by criminal and Advanced Persistent Threat (APT) actors since 2007. Its destructive capabilities were notably demonstrated in Ukraine where it was used for cyber-espionage, compromising industrial control systems, and launching attacks a
GreyEnergy | is related to | 3 | GreyEnergy is a malware family documented by ESET in 2018 as the successor to BlackEnergy; it targeted energy companies in Ukraine and Poland and is attributed to the Russia-linked Advanced Persistent Threat (APT) group, Sandworm. Security firm WithSecure has identified overlaps
Prestige Ransomware | Unspecified | 2 | The Prestige ransomware is a type of malware that had not been observed by Microsoft prior to its deployment against Ukrainian and Polish logistics companies in October 2022. Once inside a system, it can steal personal
Associated Threat Actors
ID | Type | Votes | Profile Description
Sandworm | is related to | 3 | Sandworm, a threat actor linked to Russia, has been implicated in numerous high-profile cyber attacks. This group's activities have primarily targeted Ukraine, compromising the country's critical infrastructure and telecommunications providers. The Sandworm group is known for its fileless attack met
FIN7 | Unspecified | 1 | FIN7, a notorious threat actor group known for its malicious activities, has recently been identified as targeting a large U.S. carmaker with phishing attacks. This group, which has previously operated behind fake cybersecurity companies such as Combi Security and Bastion Secure to recruit security
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Kapeka malware was read from the documents corpus below (display limited to 20 results).
Source | Created At | Title
Securityaffairs | 6 days ago | Security Affairs Malware Newsletter - Round 3
Securityaffairs | 12 days ago | Security Affairs Malware Newsletter - Round 2
Securityaffairs | 20 days ago | Security Affairs Malware Newsletter - Round 1
Securityaffairs | a month ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | a month ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | a month ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 2 months ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
BankInfoSecurity | 3 months ago | Ukrainian Energy Sector Under Cyber Siege by Russian Hackers
Securityaffairs | 3 months ago | Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION
BankInfoSecurity | 3 months ago | Breach Roundup: LabHost Phishing-as-a-Service Site Goes Down
BankInfoSecurity | 3 months ago | Breach Roundup: LabHost Goes Down
Securityaffairs | 3 months ago | Previously unknown Kapeka backdoor linked to Sandworm APT
DARKReading | 3 months ago | Dangerous New ICS Malware Targets Orgs in Russia and Ukraine
BankInfoSecurity | 3 months ago | Likely Sandworm Hackers Using Novel Backdoor 'Kapeka'