A new self-destructing backdoor called Mistic used in intrusions since April appears to be linked to a criminal gang that compromises corporate networks and then sells that access to ransomware groups, according to security researchers.
This backdoor, also tracked as MLTBackdoor, was first documented by Zscaler earlier this month, with the security shop suggesting the novel malware is “likely used in ransomware attacks to establish a foothold for lateral movement.”

