Self-destructing Mistic backdoor linked to access broker selling corporate footholds to ransomware gangs


A new self-destructing backdoor called Mistic used in intrusions since April appears to be linked to a criminal gang that compromises corporate networks and then sells that access to ransomware groups, according to security researchers.

This backdoor, also tracked as MLTBackdoor, was first documented by Zscaler earlier this month, with the security shop suggesting the novel malware is “likely used in ransomware attacks to establish a foothold for lateral movement.”

Read more…
Source:  


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Meet Akira – A new ransomware operation targeting the enterprise

    May 7, 2023

    The new Akira ransomware operation has slowly been building a list of victims as they breach corporate networks worldwide, encrypt files, and then demand million-dollar ransoms. Launched in March 2023, Akira claims to have already conducted attacks on sixteen companies. These companies are in various industries, including education, finance, real estate, manufacturing, and consulting. Read more… Source: Bleeping ...

  • New Cactus ransomware encrypts itself to evade antivirus

    May 7, 2023

    A new ransomware operation called Cactus has been exploiting vulnerabilities in VPN appliances for initial access to networks of “large commercial entities.” The Cactus ransomware operation has been active since at least March and is looking for big payouts from its victims. Read more… Source: Bleeping Computer  

  • UAE issues warning over cyber-attacks

    May 6, 2023

    The UAE Cybersecurity Council called on public and private sectors to exercise the utmost caution against any cyber-attacks that may target the national digital infrastructure and assets. The Council demanded the public and private entities to activate the cyber emergency response system in cooperation with the competent authorities in order to share data so as to ...

  • Dump these insecure phone adapters because we’re not fixing them, says Cisco

    May 5, 2023

    There is a critical security flaw in a Cisco phone adapter, and the business technology giant says the only step to take is dumping the hardware and migrating to new kit. In an advisory, Cisco this week warned about the vulnerability in the SPA112 2-Port Adapter that, if exploited, could allow a remote attacker to essentially ...

  • CISA Releases One Industrial Control Systems Advisory

    May 4, 2023

    CISA released one Industrial Control Systems (ICS) advisory on May 4, 2023.This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related story: CISA Releases One Industrial Control Systems ...

  • Not quite an Easter egg: a new family of Trojan subscribers on Google Play

    May 4, 2023

    Every once in a while, someone will come across malicious apps on Google Play that seem harmless at first. Some of the trickiest of these are subscription Trojans, which often go unnoticed until the user finds they have been charged for services they never intended to buy. This kind of malware often finds its way ...