Self-destructing Mistic backdoor linked to access broker selling corporate footholds to ransomware gangs
Summary
A new backdoor named Mistic, capable of self-destruction, has been identified and is linked to an access broker selling corporate network access to ransomware gangs. The backdoor has been observed in attacks against the insurance, education, IT, and professional services industries.
IFF Assessment
This article details a new backdoor and its use by an access broker to facilitate ransomware attacks, which directly harms defenders by expanding the threat landscape they face.
Defender Context
Defenders should be aware of the Mistic backdoor and its connection to access brokers, which signifies a sophisticated supply chain for ransomware operations. It highlights the need for robust network segmentation, vigilant monitoring for unusual access patterns, and prompt patching of vulnerabilities that such actors could exploit.