We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Backdoor:Win64/KnuckleTouch.A!dha
Aliases: No associated aliases
Summary
Backdoor:Win64/KnuckleTouch.A!dha is the detection for a custom backdoor used since at least early to mid-2022 by the threat actor Microsoft tracks as Seashell Blizzard.
This trojan has been involved in multiple campaigns distributing ransomware. Once installed, attackers can use the trojan to perform various tasks, such as stealing credentials or other information, additional destructive attacks, and giving attackers remote access to your device.
Seashell Blizzard is a high-impact threat actor linked to the Russian Federation and conducts global activities on behalf of Russian Military Intelligence Unit 74455 (GRU). Active since at least 2013, Seashell Blizzard’s prolific operations have led to high-profile destructive attacks, such as KillDisk (2015) and FoxBlade (2022).
Microsoft Defender Antivirus automatically removes threats as they are detected. However, many infections can leave remnant files and system changes. Updating your antimalware definitions and running a full scan might help address these remnant artifacts.
You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.
Devices infected by this trojan might be severely compromised and require complete restoration. Consider restoring your device. When restoring data, ensure that it is a clean, uninfected copy.