A new self-destructing backdoor called Mistic used in intrusions since April appears to be linked to a criminal gang that compromises corporate networks and then sells that access to ransomware groups, according to security researchers.
This backdoor, also tracked as MLTBackdoor, was first documented by Zscaler earlier this month, with the security shop suggesting the novel malware is “likely used in ransomware attacks to establish a foothold for lateral movement.”
Read more…
Source:
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Poland investigates cyber-attack on rail network
August 26, 2023
Polish intelligence services are investigating a hacking attack on the country’s railways, Polish media say. Hackers broke into railway frequencies to disrupt traffic in the north-west of the country overnight, the Polish Press Agency (PAP) reported on Saturday. The signals were interspersed with recording of Russia’s national anthem and a speech by President Vladimir Putin, the ...
- UK: Metropolitan Police on red alert after details of officers and staff hacked in massive security breach
August 26, 2023
The Metropolitan Police were on red alert tonight after details of officers and staff were hacked in a massive security breach. All 47,000 personnel were warned of the risk their photos, names and ranks had been stolen when cyber crooks penetrated the IT systems of a contractor printing warrant cards and staff passes. Information taken also ...
- Lockbit leak, research opportunities on tools leaked from TAs
August 25, 2023
Lockbit is one of the most prevalent ransomware strains. It comes with an affiliate ransomware-as-a-service (RaaS) program offering up to 80% of the ransom demand to participants, and includes a bug bounty program for those who detect and report vulnerabilities that allow files to be decrypted without paying the ransom. According to the Lockbit owners, the ...
- Belgium’s Econocom confirms cyber attack, no sensitive data disclosed
August 24, 2023
Belgian IT services firm Econocom on Thursday confirmed it is investigating a cyber attack it believes originated from a service provider working with some of its clients in France. Read more… Source: USNews
- Flax Typhoon using legitimate software to quietly access Taiwanese organizations
August 24, 2023
Microsoft has identified a nation-state activity group tracked as Flax Typhoon, based in China, that is targeting dozens of organizations in Taiwan with the likely intention of performing espionage. Flax Typhoon gains and maintains long-term access to Taiwanese organizations’ networks with minimal use of malware, relying on tools built into the operating system, along with ...
- Lazarus Group’s infrastructure reuse leads to discovery of new malware
August 24, 2023
In the new Lazarus Group campaign we recently disclosed, the North Korean state-sponsored actor continues to use much of the same infrastructure despite those components being well-documented by security researchers over the years. Their continued use of the same tactics, techniques and procedures (TTPs) — many of which are publicly known — highlights the group’s confidence ...