A new self-destructing backdoor called Mistic used in intrusions since April appears to be linked to a criminal gang that compromises corporate networks and then sells that access to ransomware groups, according to security researchers.
This backdoor, also tracked as MLTBackdoor, was first documented by Zscaler earlier this month, with the security shop suggesting the novel malware is “likely used in ransomware attacks to establish a foothold for lateral movement.”
Read more…
Source:
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Modular Java Backdoor Dropped in Cleo Exploitation Campaign
December 11, 2024
While investigating incidents related to Cleo software exploitation, Rapid7 Labs and MDR observed a novel, multi-stage attack that deploys an encoded Java Archive (JAR) payload. Our investigation revealed that the JAR file was part of a modular, Java-based Remote Access Trojan (RAT) system. This RAT facilitated system reconnaissance, file exfiltration, command execution, and encrypted communication with ...
- Exploitation of critical path traversal vulnerability (CVE-2024-41713) and 0-day path traversal vulnerability (CVE-2024-55550) in Mitel MiCollab
December 11, 2024
After proof-of-concept technical details were published on 5 December 2024 for CVE-2024-41713 and CVE-2024-55550, exploitation activity chaining these two Mitel MiCollab vulnerabilities has been reported. MiCollab is a cloud-based platform that integrates chat, voice, video, and SMS messaging for teams. Vulnerability details CVE-2024-41713 is a vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab ...
- Cleo Releases Security Advisory for Harmony, VLTrader, and LexiCom
December 11, 2024
Cleo has released a security advisory addressing two vulnerabilities in Cleo Harmony, Cleo VLTrader, and Cleo LexiCom, which are commonly used to manage file transfers. Cleo LexiCom is a desktop-based client solution for communication with major trading networks Cleo VLTrader is a server-level solution designed to meet the needs of mid-enterprise organisations Cleo Harmony is tailored ...
- Europol: Law enforcement shuts down 27 DDoS booters ahead of annual Christmas attacks
December 11, 2024
Law enforcement agencies worldwide have disrupted a holiday tradition for cybercriminals: launching Distributed Denial-of-Service (DDoS) attacks to take websites offline. As part of an ongoing international crackdown known as PowerOFF, authorities have seized 27 of the most popular platforms used to carry out these attacks. Known as ‘booter’ and ‘stresser’ websites, these platforms enabled cybercriminals and hacktivists ...
- Russia: Call center scheme that deceived hundreds from over 20 countries exposed in Moscow
December 11, 2024
Russia’s Federal Security Service (FSB), in collaboration with the Russian Interior Ministry, has exposed three Moscow-based illegal call centers that affected hundreds of citizens from more than 20 European and Asian countries, the FSB reported. “The unlawful activities of an organized crime syndicate that controlled the operation of three call centers in Moscow have been disrupted,” ...
- Scammers impersonating TSA pre-check to steal your money and information
December 10, 2024
A new warning as we head into the busy holiday travel season. It would be best to be on guard for fake TSA precheck websites. “We are seeing a disturbing trend of mimicking TSA-like sites,” says Karin Zilberstein with Guardio, a browser extension that identifies fake websites and other malware. She says Guardio has discovered ...