A new self-destructing backdoor called Mistic used in intrusions since April appears to be linked to a criminal gang that compromises corporate networks and then sells that access to ransomware groups, according to security researchers.
This backdoor, also tracked as MLTBackdoor, was first documented by Zscaler earlier this month, with the security shop suggesting the novel malware is “likely used in ransomware attacks to establish a foothold for lateral movement.”
Read more…
Source:
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Trojans lead siege on businesses for second year running
January 23, 2019
Security software firm Malwarebytes has released its annual ‘State of Malware 2019‘ report which analyses the prevalence of different forms of malware and shows how each type is being used to attack businesses and consumers. Following its quarterly report released in October, Malwarebytes report that for the second year in a row, Trojans are leading the siege on ...
- U.S. Gov Issues Urgent Warning of DNS Hijacking Attacks
January 23, 2019
An emergency directive from the Department of Homeland Security provides “required actions” for U.S. government agencies to prevent widespread DNS hijacking attacks. The Department of Homeland Security is ordering all federal agencies to urgently audit Domain Name System (DNS) security for their domains in the next 10 business days. The department’s rare “emergency directive,” issued Tuesday, warned ...
- Critical RCE Flaw in Linux APT Allows Remote Attackers to Hack Systems
January 22, 2019
Just in time… Some cybersecurity experts this week arguing over Twitter in favor of not using HTTPS and suggesting software developers to only rely on signature-based package verification, just because APT on Linux also does the same. Ironically, a security researcher just today revealed details of a new critical remote code execution flaw in the apt-get utility that can be exploited by ...
- New Phobos ransomware exploits weak security to hit targets around the world
January 21, 2019
A prolific cybercrime gang behind a series of ransomware attacks is distributing a new form of the file-encrypting malware which combines two well known and successful variants in a series of attacks against businesses around the world. Dubbed Phobos by its creators, the ransomware first emerged in December and researchers at CoveWare have detailed how it shares a number of ...
- DarkHydrus abuses Google Drive to spread RogueRobin Trojan
January 21, 2019
The DarkHydrus advanced persistent threat (APT) group is back and this time is not only using Windows vulnerabilities to infect victims but is also abusing Google Drive as an alternative communications channel. Last week, researchers from the 360 Threat Intelligence Center (360TIC) said the hackers have a new campaign underway which is focusing on targets in the Middle ...
- WiFi firmware bug affects laptops, smartphones, routers, gaming devices
January 18, 2019
Details have been published today about a vulnerability affecting the firmware of a popular WiFi chipset deployed in a wide range of devices, such as laptops, smartphones, gaming rigs, routers, and Internet of Things (IoT) devices. Discovered by Embedi researcher Denis Selianin, the vulnerability impacts ThreadX, a real-time operating system (RTOS) that is used as firmware for ...