A new self-destructing backdoor called Mistic used in intrusions since April appears to be linked to a criminal gang that compromises corporate networks and then sells that access to ransomware groups, according to security researchers.
This backdoor, also tracked as MLTBackdoor, was first documented by Zscaler earlier this month, with the security shop suggesting the novel malware is “likely used in ransomware attacks to establish a foothold for lateral movement.”
Read more…
Source:
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- 5 arrested in Poland for running bulletproof hosting service for cybercrime gangs
August 11, 2023
This week, the Polish Central Cybercrime Bureau (Centralne Biuro Zwalczania Cyberprzestępczości) under the supervision of the Regional Prosecutor’s Office in Katowice (Prokuratura Regionalna w Katowicach) took action against LolekHosted.net, a bulletproof hosting service used by criminals to launch cyber-attacks across the world. Five of its administrators were arrested, and all of its servers seized, rendering LolekHosted.net ...
- Unknown actor targets power generator with DroxiDat and Cobalt Strike
August 10, 2023
Recently Kaspersky pushed a report about an interesting and common component of the cybercrime malware set – SystemBC. And, in much the same vein as the 2021 Darkside Colonial Pipeline incident, they found a new SystemBC variant deployed to a critical infrastructure target. This time, the proxy-capable backdoor was deployed alongside Cobalt Strike beacons in ...
- Attacker combines phone, email lures into believable, complex attack chain
August 10, 2023
In the course of performing a postmortem investigation of an infected computer, Sophos X-Ops discovered that the attack began with an innocent-sounding phone call. The caller prompted an employee of a Switzerland-based organization to initiate a complex attack chain that compromised the employee’s computer. Sophos Incident Response analysts found that the attackers may have targeted the ...
- JanelaRAT: Repurposed BX Rat Variant Targeting LATAM FinTech
August 10, 2023
In June of 2023, researchers at Zscaler ThreatLabz discovered a threat actor targeting FinTech users in the LATAM region. JanelaRAT involves several tactics, techniques, and procedures (TTPs) such as DLL side-loading, dynamic C2 infrastructure, and a multi-stage attack. The final malware involved in this campaign is a heavily modified variant of BX RAT. Because of this, ...
- Multiple high severity vulnerabilities in CODESYS V3 SDK could lead to RCE or DoS
August 10, 2023
Microsoft’s cyberphysical system researchers recently identified multiple high-severity vulnerabilities in the CODESYS V3 software development kit (SDK), a software development environment widely used to program and engineer programmable logic controllers (PLCs). Exploitation of the discovered vulnerabilities, which affect all versions of CODESYS V3 prior to version 3.5.19.0, could put operational technology (OT) infrastructure at risk ...
- CISA Releases Twelve Industrial Control Systems Advisories
August 10, 2023
CISA released twelve Industrial Control Systems (ICS) advisories on August 10, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-222-01 Siemens Solid Edge, JT2Go and Teamcenter Visualization ICSA-23-222-02 Siemens Parasolid Installer ICSA-23-222-03 Siemens JT Open, JT Utilities, and Parasolid Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency