A new self-destructing backdoor called Mistic used in intrusions since April appears to be linked to a criminal gang that compromises corporate networks and then sells that access to ransomware groups, according to security researchers.
This backdoor, also tracked as MLTBackdoor, was first documented by Zscaler earlier this month, with the security shop suggesting the novel malware is “likely used in ransomware attacks to establish a foothold for lateral movement.”
Read more…
Source:
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- SteelFox Leverages Signed Windows Drivers to Attack Kernel
November 26, 2024
This week, the SonicWall Capture Labs threat research team investigated a sample of SteelFox malware. This is bundled with “software activators” for JetBrains and Foxit PDF readers. During installation, they run as a service and use vulnerable signed Windows drivers to exploit and attack the kernel. Secondarily, cryptominers such as XMRig are run in memory via ...
- Analysis of Elpaco: a Mimic variant
November 26, 2024
In a recent incident response case, Kaspersky dealt with a variant of the Mimic ransomware with some interesting customization features. The attackers were able to connect via RDP to the victim’s server after a successful brute force attack and then launch the ransomware. After that, the adversary was able to elevate their privileges by exploiting the ...
- Hackers who inflitrated South African financial system reveal data for a large number people
November 24, 2024
A hacking group that claims it fraudulently collected Social Relief of Distress (SRD) grants and infiltrated South Africa’s financial system through credit bureaus has released data appearing to belong to Absa and Standard Bank customers. N4aughtySecGroup contacted the media earlier this month with a warning that it had breached several credit bureaus and used its access ...
- UK: Prison layouts reportedly leaked on dark web
November 23, 2024
The Ministry of Justice has said it is aware of a data breach affecting prisons in England and Wales. Confidential prison layouts had been leaked onto the dark web in the past two weeks, according to The Times. A former prison governor told the paper organised crime groups could potentially use the information to smuggle drugs ...
- 9 months after the largest healthcare breach in history, UnitedHealth subsidiary back online
November 22, 2024
Change Healthcare—a subsidiary of the global health company UnitedHealth Group — has restored its medical billing services nine months after suffering an unprecedented ransomware attack that left providers with serious cashflow problems, threatened access to care, and leaked sensitive information onto the dark web. Change Healthcare, one of the largest health payment processing companies in the ...
- Fake Google Chrome Website Tricks Users into Installing Malware
November 22, 2024
Google Chrome is the most widely used web browser in the world, and this dominance makes it a great vector for cybercriminals to use to spread malware to unsuspecting users. The SonicWall Capture Labs threat research team recently found what appears to be a legitimate website where a user can download and install Google Chrome. But ...