A new self-destructing backdoor called Mistic used in intrusions since April appears to be linked to a criminal gang that compromises corporate networks and then sells that access to ransomware groups, according to security researchers.
This backdoor, also tracked as MLTBackdoor, was first documented by Zscaler earlier this month, with the security shop suggesting the novel malware is “likely used in ransomware attacks to establish a foothold for lateral movement.”
Read more…
Source:
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- French naval officer’s jogging app logs Inadvertently expose France’s aircraft carrier location
March 20, 2026
The relentless pursuit of a personal best is a common motivator for athletes, but for one French naval officer, a routine morning run has now been linked to a national security scare. While the French military typically prides itself on stealth and strategic positioning, the precise coordinates of its flagship were recently broadcast worldwide via a ...
- Cambodia: 9 foreigners nabbed in Phnom Penh cyber-scam raid
March 20, 2026
Eight Chinese nationals and one Malaysian were detained during a raid on a gated community in the capital on Wednesday. A joint force from the Phnom Penh Administrative Unified Command raided a property in the Borey Peng Huot development, located in the Niroth area of Chbar Ampov district. During the operation, officers seized 247 mobile phones ...
- Hasta la vista, Hastalamuerte: An Overview of The Gentlemen’s TTPs
March 19, 2026
In face of so many new ransomware brands, and still remaining RaaS operations such as Medusa, Qilin, and DragonForce, prioritizing is not an easy task to accomplish. However, despite the amount of groups conducting attacks for extortion, the TTPs do not change that much; unless we are talking about Cl0p, Akira and other groups that ...
- CISA urges companies to secure Microsoft Intune systems after hackers mass-wipe Stryker devices
March 19, 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned companies to secure systems for managing their fleets of employee devices after pro-Iran hackers broke into medical tech giant Stryker and mass-wiped thousands of its phones, tablets, and computers. The agency said on Thursday that it was urging companies to take action and confirmed it was ...
- DarkSword: Second iOS exploit chain in a month targeting iPhone users
March 18, 2026
A new exploit kit targeting iPhone users and stealing their sensitive data is being abused by “multiple” spyware vendors and suspected nation-state goons, security researchers said on Wednesday. The exploit kit, called DarkSword, has been in use since at least November 2025. It supports iOS versions 18.4 through 18.7, and exploits six different vulnerabilities to deploy ...
- Over 29 million secrets were leaked on GitHub in 2025, and AI really isn’t helping
March 18, 2026
Vibe-coding may seem great for quickly shipping products, but inexperienced developers are leaving gaping cybersecurity holes that are causing breaches and exposures left and right. This is according to GitGuardian’s latest report, the “State of Secrets Sprawl” paper that was just released. In the research document, the organization said 2025 was the year when AI adoption ...