A new self-destructing backdoor called Mistic used in intrusions since April appears to be linked to a criminal gang that compromises corporate networks and then sells that access to ransomware groups, according to security researchers.
This backdoor, also tracked as MLTBackdoor, was first documented by Zscaler earlier this month, with the security shop suggesting the novel malware is “likely used in ransomware attacks to establish a foothold for lateral movement.”
Read more…
Source:
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- The Importance of Asset Context in Attack Surface Management.
October 30, 2024
This is the last of the four blogs (Help, I can’t see! A Primer for Attack Surface Management Blog Series, The Main Components of an Attack Surface Management (ASM) Strategy, and Understanding your Attack Surface: Different Approaches to Asset Discovery) covering the foundational elements of Attack Surface Management (ASM), and this topic covers one of ...
- Scammers Exploit 2024 US General Election to Perpetrate Multiple Fraud Schemes
October 29, 2024
The FBI is warning the public about scammers exploiting the 2024 US General election to perpetrate multiple types of financial fraud schemes. These scams target victims across the United States and have previously exploited state and local elections for similar scams. Scammers use the names, images, logos, and slogans of candidates to fraudulently solicit campaign contributions, ...
- Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files
October 29, 2024
Since October 22, 2024, Microsoft Threat Intelligence has observed Russian threat actor Midnight Blizzard sending a series of highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other sectors. This activity is ongoing, and Microsoft will continue to investigate and provide updates as available. Based on our investigation of previous Midnight Blizzard ...
- France: Free ISP announces data breach, millions of users possibly affected
October 29, 2024
One of the biggest internet service providers (ISP) in France has confirmed suffering a cyberattack that saw it lose sensitive customer data. A threat actor alias “drusselx” opened a new thread on the infamous Breach forums, advertising a major database for sale, claiming it contains data on 19.2 million Free customers, and holds more than 5.11 ...
- Hackers breach sensitive government and police data in Italy
October 28, 2024
Prosecutors in Milan have uncovered a network of hackers and former law enforcement officials accused of using malware and insider contacts to break into several government databases, including the Interior Ministry. The group allegedly accessed over 800,000 confidential records, even targeting accounts linked to the president’s office. Prosecutors said on Saturday that the operation was allegedly ...
- Bucharest’s District 5 City Hall hit by ransomware attack
October 28, 2024
The District 5 City Hall of Bucharest announced on October 26 that it was the target of a cyber attack that hit its servers. The hackers demanded USD 5 million in ransom, but mayor Cristian Popescu Piedone said he would not pay. “This morning (e.n. October 26), the District 5 City Hall employees reported that the ...