A new backdoor named Mistic has emerged in attacks directed at various sectors, linked to the KongTuke group. The stealthy malware is designed for long-term access, employing sophisticated evasion techniques such as memory-based execution and DLL side-loading, marking a significant threat to targeted organizations.
The Mistic backdoor, also referred to as MLTBackdoor, was first identified in attacks targeting multiple industries, including insurance, education, IT, and professional services. Reports indicate that it has been active since April 2026 and is associated with the financially motivated threat group KongTuke. This connection highlights a shift towards sophisticated cybercrime tactics aimed at a wide range of sectors.
Mistic is notable for operating in memory without writing files to disk, which makes it difficult to detect. It also includes a self-destruct feature that lets it remove traces of its presence if it is detected. The malware can upload, download, move, rename, and delete files, among other functions.
The deployment of Mistic is tied to a broader campaign that uses ClickFix as the delivery vector, with malicious Google Chrome extensions and DNS used to stage additional payloads. The same tooling has been connected to ModeloRAT, which extends Mistic's capabilities and helps the operators keep a persistent foothold on targeted systems.
The emergence of the Mistic backdoor and its operational methods poses a serious threat, particularly because of its stealth and its connection to financially motivated attacks. Organizations in the affected sectors need to strengthen their defenses against this kind of advanced, persistent intrusion.
This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors; check the original sources.