A new self-destructing backdoor called Mistic used in intrusions since April appears to be linked to a criminal gang that compromises corporate networks and then sells that access to ransomware groups, according to security researchers.
This backdoor, also tracked as MLTBackdoor, was first documented by Zscaler earlier this month, with the security shop suggesting the novel malware is “likely used in ransomware attacks to establish a foothold for lateral movement.”
Read more…
Source:
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- ASD: Careful Adoption of Agentic AI Services
May 1, 2026
Agentic artificial intelligence (AI) systems increasingly operate across critical infrastructure and defence sectors and support mission-critical capabilities. As agentic AI systems play a growing operational role, it is crucial for defenders to implement security controls to protect national security and critical infrastructure from agentic AI-specific risks. Agentic AI can automate repetitive, well-defined and low-risk tasks. However, ...
- French prosecutors link 15-year-old to mega-breach at state’s secure document agency
April 30, 2026
French prosecutors say police detained a 15-year-old on April 25 over the alleged theft of millions of records from France Titres (ANTS), the agency handling secure documents. The Paris Prosecutor’s Office announced on Thursday that the minor, suspected of using the online alias “breach3d” and not named because French law protects minors, faces two computer crime ...
- Silver Fox uses new ABCDoor backdoor to target organisations in Russia and India
April 30, 2026
In December 2025, Kaspersky researchers detected a wave of malicious emails designed to look like official correspondence from the Indian tax service. A few weeks later, in January 2026, a similar campaign began targeting Russian organizations. Kaspersky have attributed this activity to the Silver Fox threat group. Both waves followed a nearly identical structure: phishing emails ...
- Copy Fail vulnerability allows attackers to gain root access on virtually any modern Linux distribution
April 30, 2026
A working exploit written in Python (later released in other programming languages as well) consists of about ten lines of code and uses standard system calls that are indistinguishable from normal system activity. Kaspersky explain what the CVE-2026-31431 vulnerability, unofficially named as Copy Fail and published on April 29, is. Kaspersky also have some advice on ...
- Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia
April 30, 2026
Through ongoing analysis of ShadowPad implants targeting South and Southeast Asia, TrendAI Research has uncovered a series of new related campaigns that are tracked under a temporary intrusion set (a provisional cluster of related activity pending formal attribution) designated SHADOW-EARTH-053, which we assess to be aligned with China’s broader strategic interests. Trend Micro telemetry indicates that ...
- Hackers stole hundreds of thousands of Roblox accounts
April 30, 2026
More than 610,000 Roblox accounts were reportedly stolen. Was yours or your child’s among them? Ukrainian police arrested three individuals in Lviv who allegedly orchestrated one of the largest Roblox account theft operations to date. Between October 2025 and January 2026, the hacking group is said to have compromised over 610,000 Roblox accounts, including at least 357 ...