Two dangerous malware tools targeted at industrial control systems (ICS) and operating technology (OT) environments in Europe are the latest manifestations of the cyber fallout from the war in Ukraine.
One of the tools, dubbed “Kapeka,” appears linked to Sandworm, a prolific Russian state-backed threat actor that Google’s Mandiant security group this week described as the country’s primary cyberattack unit in Ukraine. Security researchers from Finland-based WithSecure spotted the backdoor featured in 2023 attacks against an Estonian logistics company and other targets in Eastern Europe and perceive it as an active and ongoing threat.
