Malicious software code developed by a group linked to Russian intelligence was discovered in Estonia. This computer program is also targeting Ukraine and other Eastern European countries, GD reports.

Russian intelligence continues to infiltrate European networks. On April 17 of this year, WithSecure reported the existence of new malicious software created by Russian intelligence. The new software is called "Kapeka." It is designed for covert access to target computers for the purpose of espionage or the installation of other malicious programs. There is a high probability that previous versions of this software were used for deploying ransomware programs.

"We noticed that this type of software is quite rare. In our research and in research by Microsoft teams, we observed similar scenarios with programs used by the Sandworm group, linked to Russian intelligence, for deploying ransomware programs in logistics companies in Poland, Ukraine," explains Mohammad Kazem Hassan Nejad, a researcher at WithSecure.

Why deploy ransomware programs, which are usually used by cybercriminals to paralyze systems and demand ransom?

"Sandworm is known for its destructive attacks. Instead of launching wiping programs, software programmed to destroy everything, hackers associated with intelligence cast doubt on their identity by using cybercriminal tools," comments a cybersecurity expert.

Sandworm is behind historic cyberattacks, such as attacks on the Ukrainian power grid, the Winter Olympics in South Korea, and espionage against the International Criminal Court.

Similar types of cyberattacks have been discovered in Ukraine. After deploying this software, information about the infected machine and its user is collected. It can also execute other programs and update its own functions, allowing hackers to initially infect a range of targets and release a more comprehensive version if the victim is deemed high-value.

According to the report, the development of "Kapeka" follows the ongoing war in Ukraine, "where victims have been discovered." Most likely, the software has already been used in destructive attacks, including attacks on companies in Central and Eastern Europe, which have been heavily targeted by Russian intelligence since the invasion of Ukraine in February 2022.