A new self-destructing backdoor called Mistic used in intrusions since April appears to be linked to a criminal gang that compromises corporate networks and then sells that access to ransomware groups, according to security researchers.
This backdoor, also tracked as MLTBackdoor, was first documented by Zscaler earlier this month, with the security shop suggesting the novel malware is “likely used in ransomware attacks to establish a foothold for lateral movement.”
Read more…
Source:
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Zero-day vuln in Microsoft Office: ‘Follina’ will work even when macros are disabled
May 30, 2022
Infosec researchers have idenitied a zero-day code execution vulnerability in Microsoft’s ubiquitous Office software. Dubbed “Follina”, the vulnerability has been floating around for a while (cybersecurity researcher Kevin Beaumont traced it back to a report made to Microsoft on April 12) and uses Office functionality to retrieve a HTML file which in turn makes use of ...
- Australian digital driving licenses can be defaced in minutes
May 30, 2022
An Australian digital driver’s license (DDL) implementation that officials claimed is more secure than a physical license has been shown to easily defaced, but authorities insist the credential remains secure. New South Wales, Australia’s most populous state, launched its DDL program in 2019, and as of 2021 officials there said that slightly more than half of ...
- CISA and DoD Release 5G Security Evaluation Process Investigation Study
May 26, 2022
CISA and the Department of Defense (DoD) have released their 5G Security Evaluation Process Investigation Study for federal agencies. The new features, capabilities, and services offered by fifth-generation (5G) cellular network technology can transform mission and business operations; and federal agencies will eventually be applying different 5G usage scenarios: low-, mid-, and high-band spectrum. The study ...
- FBI: Compromised US Academic Credentials Identified Across Various Public and Dark Web Forums
May 26, 2022
The FBI is informing academic partners of identified US college and university credentials advertised for sale on online criminal marketplaces and publically accessible forums. This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber attacks against individual users or affiliated organizations. Cyber actors continue to conduct attacks against US ...
- New ERMAC 2.0 Android malware steals accounts, wallets from 467 apps
May 26, 2022
The ERMAC Android banking trojan has released version 2.0, increasing the number of applications targeted from 378 to 467, covering a much wider range of apps to steal account credentials and crypto wallets. The goal of the trojan is to send stolen login credentials to threat actors, who then use them to take control of other ...
- Ex-spymaster and fellow Brexiteers’ emails leaked by suspected Russian op
May 26, 2022
Emails between leading pro-Brexit figures in the UK have seemingly been stolen and leaked online by what could be a Kremlin cyberespionage team. The messages feature conversations between former spymaster Richard Dearlove, who led Britain’s foreign intelligence service MI6 from 1999 to 2004; Baroness Gisela Stuart, a member of the House of Lords; and Robert Tombs, ...