A new self-destructing backdoor called Mistic used in intrusions since April appears to be linked to a criminal gang that compromises corporate networks and then sells that access to ransomware groups, according to security researchers.
This backdoor, also tracked as MLTBackdoor, was first documented by Zscaler earlier this month, with the security shop suggesting the novel malware is “likely used in ransomware attacks to establish a foothold for lateral movement.”
Read more…
Source:
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Fickle Stealer Distributed via Multiple Attack Chain
June 19, 2024
The past few years have seen a significant increase in the number of Rust developers. Rust is a programming language focused on performance and reliability. However, for an attacker, its complicated assembly code is a significant merit. In May 2024, FortiGuard Labs observed a Rust-based stealer. In addition to its intricate code, the stealer is distributed ...
- Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework
June 19, 2024
In early April, Trend Micro researchers discovered that a new threat actor group (which they call Void Arachne) was targeting Chinese-speaking users. Void Arachne’s campaign involves the use of malicious MSI files that contain legitimate software installer files for artificial intelligence (AI) software as well as other popular software. The malicious Winos payloads are bundled alongside ...
- Unmasking Mac malware – strategies for a growing threat
June 18, 2024
In recent years, cybercriminal groups have been ramping up their efforts to find vulnerabilities and create malware that will exploit the iOS or macOS. Jamf’s latest annual threat landscape research tracked 300 malware families designed for macOS, and 21 newly created families in 2023. It’s not just the number of malware families that has risen, but ...
- Analysis of user password strength
June 18, 2024
The processing power of computers keeps growing, helping users to solve increasingly complex problems faster. A side effect is that passwords that were impossible to guess just a few years ago can be cracked by hackers within mere seconds in 2024. For example, the RTX 4090 GPU is capable of guessing an eight-character password consisting of ...
- Finland sees record number of data breach reports in 2023
June 18, 2024
A record high number of data breaches were reported to Finland’s Data Protection Ombudsman last year, according to a report by news group Uutissuomalainen. In total, the office received 6,900 data breach reports in 2023, an increase of 1,400 on the figure for 2022. Assistant Data Protection Ombudsman Heljä-Tuulia Pihamaa told Uutissuomalainen that the sharp rise ...
- Hackers are using fake Chrome, Word and OneDrive errors to trick people into installing malware
June 17, 2024
Proofpoint has observed an increase in a technique leveraging unique social engineering that directs users to copy and paste malicious PowerShell scripts to infect their computers with malware. Threat actors including initial access broker TA571 and at least one fake update activity set are using this method to deliver malware including DarkGate, Matanbuchus, NetSupport, and various ...