Finnish firm finds Russia-linked malware using Windows backdoor

A Finnish cybersecurity firm said on Wednesday it had discovered previously unknown malware that installs a virtual backdoor in certain Windows systems and makes them vulnerable to attack.

The malware, codenamed Kapeka, could be linked to the Russian hacker group Sandworm, which is operated by the Russian military intelligence service (GRU), the company WithSecure said.

Sandworm is particularly notorious for its attacks against Ukraine's power grid.

WithSecure's findings were confirmed by Microsoft, which labels the malware KnuckleTouch.

Rüdiger Trost, security expert at WithSecure, described the discovery as a "major blow to Russia, which used this backdoor in Ukraine and Eastern Europe."

"With the discovery, the Russian secret service now lacks an important backdoor, as the loopholes that have now been created will be found and closed in a short space of time," he said.

As a result, Russia is losing clout in the cyberwar that accompanies the conventional Russia-Ukraine war, Trost said.

WithSecure said the malware disguises itself as an add-on for Microsoft Word. The backdoor is distributed in a targeted manner rather than en masse.

The attack tool is said to have been used in Eastern Europe since mid-2022.