A new self-destructing backdoor called Mistic used in intrusions since April appears to be linked to a criminal gang that compromises corporate networks and then sells that access to ransomware groups, according to security researchers.
This backdoor, also tracked as MLTBackdoor, was first documented by Zscaler earlier this month, with the security shop suggesting the novel malware is “likely used in ransomware attacks to establish a foothold for lateral movement.”
Read more…
Source:
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Corrupted open-source software enters the Russian battlefield
March 22, 2022
It started as an innocent protest. Npm, JavaScript’s package manager maintainer RIAEvangelist, Brandon Nozaki Miller, wrote and published an open-code npm source-code package called peacenotwar. It did little except add a protest message against Russia’s invasion of Ukraine. But then, it took a darker turn: It began destroying computers’ file systems. To be exact, Miller added ...
- Authentication oufit Okta investigating Lapsus$ breach report
March 22, 2022
The Lapsus$ extortion crew has turned its attention to identity platform Okta and published screenshots purportedly showing the group gaining access to the company’s internals. The incident follows the group’s claim over the weekend that it had made off with chunks of Microsoft’s code. However, a compromise at Okta could be altogether more serious since the ...
- Android app with 100,000 downloads contained password-stealing malware, say security researchers
March 22, 2022
Google has removed an app with over 1000,000 downloads from its Play Store after security researchers warned that the app was able to harvest the Facebook credentials of smartphone users. Researchers at French mobile security firm Pradeo said the app embeds Android trojan malware known as “Facestealer” because it dupes victims into typing in their Facebook ...
- Suspected DarkHotel APT resurgence targets luxury Chinese hotels
March 21, 2022
A new wave of suspected activity conducted by the DarkHotel advanced persistent threat (APT) group has been disclosed by researchers. Last week, Trellix researchers Thibault Seret and John Fokker said that a malicious campaign has been targeting luxury hotels in Macao, China since November 2021, and based on clues in the attack vector and malware used, ...
- Ukraine warns of InvisiMole attacks tied to state-sponsored Russian hackers
March 21, 2022
Ukrainian security officials have warned of ongoing attacks by InvisiMole, a hacking group with ties to the Russian advanced persistent threat (APT) group Gamaredon. Last week, the Computer Emergency Response Team for Ukraine (CERT-UA) said that the department has been advised of new phishing campaigns taking place against Ukrainian organizations that spread the LoadEdge backdoor. According to ...
- More Conti ransomware source code leaked on Twitter out of revenge
March 20, 2022
A Ukrainian security researcher has leaked newer malware source code from the Conti ransomware operation in revenge for the cybercriminals siding with Russia on the invasion of Ukraine. Conti is an elite ransomware gang run by Russian-based threat actors. With their involvement in developing numerous malware families, it is considered one of the most active cybercrime ...