Be on the lookout for Mistic, a new backdoor used by ransomware broker

Summary

Researchers have identified a new backdoor program called Mistic, which has been used in enterprise intrusions since April and is linked to an initial access broker known as Woodgnat. Woodgnat sells network access to ransomware gangs, and Mistic has been observed alongside ModeloRAT, malware associated with Woodgnat that has been used to deliver the Qilin ransomware.

IFF Assessment

FOE

The discovery of a new backdoor used by ransomware-affiliated actors poses a direct threat to organizations, increasing the risk of compromise and data loss.

Defender Context

Defenders should be aware of the Mistic backdoor and its association with the Woodgnat initial access broker, as this indicates a sophisticated and active threat. Organizations should monitor for signs of DLL sideloading and ensure robust endpoint detection and response capabilities to identify and mitigate this type of threat.
