A new self-destructing backdoor called Mistic used in intrusions since April appears to be linked to a criminal gang that compromises corporate networks and then sells that access to ransomware groups, according to security researchers.
This backdoor, also tracked as MLTBackdoor, was first documented by Zscaler earlier this month, with the security shop suggesting the novel malware is “likely used in ransomware attacks to establish a foothold for lateral movement.”
Read more…
Source:
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Thousands of GPS tracking customers have info leaked following data breach
December 19, 2024
Hapn, a company that sells GPS tracking hardware and software, is reportedly spilling sensitive user information online, and is not responding to researcher alerts or media inquiries, experts have claimed. In late November 2024, a security researcher reached out to TechCrunch, saying they observed a bug in Hapn’s website, which allows malicious actors to view the ...
- Attackers exploiting a patched FortiClient EMS vulnerability in the wild
December 19, 2024
During a recent incident response, Kaspersky’s GERT team identified a set of TTPs and indicators linked to an attacker that infiltrated a company’s networks by targeting a Fortinet vulnerability for which a patch was already available. This vulnerability is an improper filtering of SQL command input making the system susceptible to an SQL injection. It specifically ...
- Lazarus group evolves its infection chain with old and new malware
December 19, 2024
Over the past few years, the Lazarus group has been distributing its malicious software by exploiting fake job opportunities targeting employees in various industries, including defense, aerospace, cryptocurrency, and other global sectors. This attack campaign is called the DeathNote campaign and is also referred to as “Operation DreamJob”. Kaspersky researchers have previously published the history of ...
- U.S. Considers Ban On Chinese Made TP-Link Routers
December 18, 2024
The United States government is taking aim at TP-Link, a Chinese technology company that dominates the home and small-business router market in the U.S., amid mounting national security concerns. With TP-Link holding a significant 65% market share, federal authorities are investigating potential vulnerabilities in the company’s devices that could be exploited by foreign entities for cyberattacks. Read ...
- How the ransomware attack at Change Healthcare went down – a timeline
December 18, 2024
A ransomware attack earlier this year on UnitedHealth-owned health tech company Change Healthcare likely stands as one of the largest data breaches of U.S. health and medical data in history. Months after the February data breach, a “substantial proportion of people living in America” are receiving notice by mail that their personal and health information was ...
- New Gmail Security Warning For 2.5 Billion – Second Attack Wave Incoming
December 18, 2024
As it issues a warning that a second wave of cyber threats against Gmail users is incoming from very persistent attackers, Google has detailed the specific attack methodologies involved and recommended actions that all 2.5 billion Gmail users employ to stay safe and secure. Here’s what you need to know. Although when compared to last year, ...