
Be on the lookout for Mistic, a new backdoor used by ransomware broker
Researchers have identified a new backdoor program that has been used in enterprise intrusions since April and appears to be linked to an initial access broker that sells network footholds to ransomware gangs.
Dubbed Mistic by researchers from Symantec, the malware program has been deployed on networks belonging to organizations from multiple sectors, including insurance, education, IT, and professional services. In some cases it has been used alongside ModeloRAT, a piece of malware written in Python that’s associated with threat actor Woodgnat, also known as KongTuke.
“Woodgnat reportedly functions primarily as an IAB [initial access broker],” the Symantec researchers said in their report. ...