
New Mistic Backdoor Discovered Linked to KongTuke in Cyber Attack Campaigns

Aggregated by BrevFeed security · updated 4d ago

A new backdoor named Mistic has emerged in attacks directed at various sectors, linked to the KongTuke group. The stealthy malware is designed for long-term access, employing sophisticated evasion techniques such as memory-based execution and DLL side-loading, marking a significant threat to targeted organizations.

Key points

Overview of Mistic Backdoor

The Mistic backdoor, also referred to as MLTBackdoor, was first identified in attacks targeting multiple industries including insurance, education, IT, and professional services. Reports indicate that it has been active since April 2026 and is associated with the financially motivated threat group KongTuke. This connection highlights a shift towards sophisticated cybercrime tactics aimed at wide-ranging sectors.

Technical Details

Mistic is notable for operating in memory without writing files to disk, making it difficult to detect. Its implementation includes a self-destruct feature, allowing it to eliminate traces of its presence if detected. The malware can upload, download, move, rename, and delete files, among other functionalities.

Delivery and Methodology

The deployment of Mistic is linked to a broader campaign that uses ClickFix as a delivery vector, along with malicious Google Chrome extensions and DNS for staging additional payloads. These tactics have been connected to ModeloRAT, which expands the capabilities of Mistic, ensuring a persistent foothold in targeted systems.

Implications for Cybersecurity

The emergence of the Mistic backdoor and its sophisticated operational methods poses a high-level threat, particularly due to its stealth and connection to financially motivated attacks. Organizations in susceptible sectors need to enhance their cybersecurity measures to defend against such advanced persistent threats.

✨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors; check the original sources.
