A new self-destructing backdoor called Mistic used in intrusions since April appears to be linked to a criminal gang that compromises corporate networks and then sells that access to ransomware groups, according to security researchers.
This backdoor, also tracked as MLTBackdoor, was first documented by Zscaler earlier this month, with the security shop suggesting the novel malware is “likely used in ransomware attacks to establish a foothold for lateral movement.”
Read more…
Source:
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- NotLockBit ransomware targets Apple users with advanced file-locking and data exfiltration
December 15, 2024
The recent discovery of macOS.NotLockBit suggests a shift in the landscape, as this newly identified malware, named after the notorious LockBit variant, could mark the beginning of more serious ransomware campaigns against Mac users. Ransomware targeting Mac devices tends to lack the necessary tools to truly lock files or exfiltrate data. The general perception has been ...
- Cyber attack may affect personal information of thousands of Rhode Islanders
December 13, 2024
A massive cyberattack could impact the personal information of hundreds of thousands of Rhode Islanders after hackers targeted a state contractor that stores health and personal data. Governor Dan McKee announced that the personal information of thousands was compromised in a cybersecurity attack. Anyone who has ever received or applied for health coverage or human service ...
- Six arrested in South Thailand for call centre scams and firearms
December 13, 2024
Police apprehended six people suspected of being involved in call centre scams and the illegal trade of firearms. The Cyber Crime Investigation Bureau (CCIB) announced the arrest on Tuesday, December 10, indicating possible connections between the suspects and insurgency financing in Thailand’s southern regions. The arrests took place on December 10 in Songkhla and Yala provinces ...
- Maritime Cyber Priority 2024/25: Tackling a growing cybersecurity threat in an increasingly connected industry
December 12, 2024
The digitalization of the maritime industry is in full flow. Shipowners, ports, cargo owners and many other stakeholders throughout the value chain are increasingly utilizing connected digital technologies to make shipping greener, safer and more efficient. However, DNV’s new Maritime Cyber Priority report highlights that this also introduces new cybersecurity risks, which need to be managed ...
- Careto is back: what’s new after 10 years of silence?
December 12, 2024
During the first week of October, Kaspersky took part in the 34th Virus Bulletin International Conference, one of the longest-running cybersecurity events. There, Kaspersky researchers delivered multiple presentations, and one of our talks focused on newly observed activities by the Careto threat actor, which is also known as “The Mask”. The Mask APT is a legendary ...
- Hackers find hole in Krispy Kreme Doughnuts’ cyber-security
December 11, 2024
Doughnut chain Krispy Kreme says it has been hit by a cyberattack which has disrupted its online systems. Some customers in the US have been unable to make online orders as a result of the hack, which occurred in late November but has only just been disclosed. Krispy Kreme revealed the attack in a regulatory filing ...