A new self-destructing backdoor called Mistic used in intrusions since April appears to be linked to a criminal gang that compromises corporate networks and then sells that access to ransomware groups, according to security researchers.
This backdoor, also tracked as MLTBackdoor, was first documented by Zscaler earlier this month, with the security shop suggesting the novel malware is “likely used in ransomware attacks to establish a foothold for lateral movement.”
Read more…
Source:
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- IT giant Bitmarck shuts down customer, internal systems after cyberattack
May 1, 2023
German IT services provider Bitmarck has shut down all of its customer and internal systems, including entire datacenters in some cases, following a cyberattack. The company, one of the largest service providers for German health insurers, said no customer, patient, or insured individuals’ data had been accessed in the security breach — at least not according ...
- Android Minecraft clones with 35M downloads infect users with adware
April 27, 2023
A set of 38 Minecraft copycat games on Google Play infected devices with the Android adware ‘HiddenAds’ to stealthily load ads in the background to generate revenue for its operators. Minecraft is a popular sandbox game with 140 million monthly active players, which numerous game publishers have attempted to recreate. Read more… Source: Bleeping Computer
- CISA Releases One Industrial Control Systems Medical Advisory
April 27, 2023
CISA released one Industrial Control Systems Medical (ICS) medical advisory on April 27, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS medical advisory for technical details and mitigations Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related story: CISA Releases ...
- Linux version of RTM Locker ransomware targets VMware ESXi servers
April 27, 2023
RTM Locker is the latest enterprise-targeting ransomware operation found to be deploying a Linux encryptor that targets virtual machines on VMware ESXi servers. The RTM (Read The Manual) cybercrime gang has been active in financial fraud since at least 2015, known for distributing a custom banking trojan used to steal money from victims. Read more… Source: Bleeping Computer
- Clop, LockBit ransomware gangs behind PaperCut server attacks
April 26, 2023
Microsoft has attributed recent attacks on PaperCut servers to the Clop and LockBit ransomware operations, which used the vulnerabilities to steal corporate data. Last month, two vulnerabilities were fixed in the PaperCut Application Server that allows remote attackers to perform unauthenticated remote code execution and information disclosure. Read more… Source: Bleeping Computer
- Cyber Chiefs Forge Partnerships With Physical Security Units As Combined Threats Grow
April 26, 2023
Cyberattacks are blurring the lines between physical and digital risks, forcing cybersecurity and physical security chiefs to work closely together to combat threats, executives say. Cyber-physical threats, where an attack on computer systems might cause damage to property or people, or vice versa, have long been a concern for companies in the defense-industrial base, power and ...

