A new self-destructing backdoor called Mistic used in intrusions since April appears to be linked to a criminal gang that compromises corporate networks and then sells that access to ransomware groups, according to security researchers.
This backdoor, also tracked as MLTBackdoor, was first documented by Zscaler earlier this month, with the security shop suggesting the novel malware is “likely used in ransomware attacks to establish a foothold for lateral movement.”
Read more…
Source:
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Thunderbolt flaws affect millions of computers – even locking unattended devices won’t help
May 11, 2020
A Dutch researcher has detailed nine attack scenarios that work against all computers with Thunderbolt shipped since 2011 and which allow an attacker with physical access to quickly steal data from encrypted drives and memory. Researcher Björn Ruytenberg detailed the so-called Thunderspy attacks in a report published on Sunday, warning that the attacks work even when users ...
- North Korean hackers infect real 2FA app to compromise Macs
May 9, 2020
Hackers have hidden malware in a legitimate two-factor authentication (2FA) app for macOS to distribute Dacls, a remote access trojan associated with the North Korean Lazarus group. Dacls has been used to target Windows and Linux platforms and the recently discovered RAT variant for macOS borrows from them much of the functionality and code. The threat actor planted the ...
- A hacker group is selling more than 73 million user records on the dark web
May 9, 2020
A hacker group going by the name of ShinyHunters claims to have breached ten companies and is currently selling their respective user databases on a dark web marketplace for illegal products. The hackers ardarke the same group who breached last week Tokopedia, Indonesia’s largest online store. Hackers initially leaked 15 million user records online, for free, but ...
- Threat Brief: Maze Ransomware Activities
May 8, 2020
Since the beginning of the calendar year, Palo Alto Networks has detected an uptick in Maze ransomware samples across multiple industries. As a result, we’ve created this general threat assessment post on the Maze ransomware activities and a full visualization of these techniques can be viewed in the Unit 42 Playbook Viewer. Maze ransomware, a variant of ChaCha ...
- Naikon’s Aria
May 8, 2020
Our colleagues at Checkpoint put together a fine research writeup on some Naikon resources and activity related to “aria-body” that we detected in 2017 and similarly reported in 2018. To supplement their research findings, we are summarizing and publishing portions of the findings reported in our June 2018 “Naikon’s New AR Backdoor Deployment to Southeast Asia”. This ...
- SilverTerrier: New COVID-19 Themed Business Email Compromise Schemes
May 7, 2020
Focusing on one of the most active subsets of the global threat landscape, Palo Alto Networks Unit 42 tracks Nigerian cyber criminals involved in Business Email Compromise (BEC) activities under the name SilverTerrier. Over the past 90 days (Jan. 30 – Apr. 30), we have observed three SilverTerrier actors/groups launch a series of 10 COVID-19 themed ...