A new self-destructing backdoor called Mistic used in intrusions since April appears to be linked to a criminal gang that compromises corporate networks and then sells that access to ransomware groups, according to security researchers.
This backdoor, also tracked as MLTBackdoor, was first documented by Zscaler earlier this month, with the security shop suggesting the novel malware is “likely used in ransomware attacks to establish a foothold for lateral movement.”
Read more…
Source:
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Squid Werewolf cyber spies masquerade as recruiters
March 12, 2025
Espionage activity clusters may pose as recruiters to distribute phishing emails, targeting key employees in organizations of interest. In December 2024, the BI.ZONE Threat Intelligence team uncovered a peculiar phishing campaign aimed at luring victims with fake job opportunities at an industrial organization. A detailed analysis revealed that the attack had been carried out by Squid Werewolf ...
- Apple Releases Security Updates for Multiple Products
March 12, 2025
Apple has released security updates to address an exploited vulnerability in multiple Apple products. CVE-2025-24201 is an ‘out-of-bounds write’ vulnerability that could allow an attacker with maliciously crafted web content to break out of Web Content sandbox. The security update addressing CVE-2025-24201 is a supplementary fix for an exploited vulnerability that was addressed in iOS 17.2. ...
- Ohio: Cleveland Municipal Court reopens after cyber attack
March 12, 2025
Cleveland Municipal Court is back open after a cyber attack forced a multi-week shutdown. Details have been limited about the incident itself, but court visitors said it’s caused a frustrating delay. Most operations have been suspended since Feb. 23 when the court discovered it was the victim of a cyber attack. Read more… Source: News 5 Cleveland Sign up ...
- India arrests man accused of running $96 billion crypto exchange at request of US
March 12, 2025
Indian authorities have arrested a Lithuanian man wanted by the US for allegedly running a $96 billion cryptocurrency exchange that allowed terrorist organizations, drug traffickers and cybercriminals to launder money. The arrest caps an intense US-led manhunt for Aleksej Besciokov, that escalated last week with the seizure of the crypto exchange, the freezing of $26 million ...
- Bank Of America Alerts Customers To Data Breach, Offers Identity Theft Protection For Affected Accounts
March 11, 2025
The Bank of America has alerted a small group of its customers about a data breach that may have exposed confidential information. The breach, which took place on December 30, was a result of improper handling of confidential documents by a third-party document destruction service provider. The breach could have potentially exposed sensitive data, including personal ...
- Thousands of TP-Link routers have been infected by a botnet to spread malware
March 11, 2025
According to a new report from the Cato CTRL team, the Ballista botnet exploits a remote code execution vulnerability that directly impacts the TP-Link Archer AX-21 router. The botnet can lead to command injection which then makes remote code execution (RCE) possible so that the malware can spread itself across the internet automatically. This high severity ...