SECURITYTHE HACKER NEWS
New Mistic Backdoor Linked to KongTuke in ClickFix and ModeloRAT Campaigns
A new backdoor named Mistic (MLTBackdoor) has been used in financially motivated attacks targeting organizations in insurance, education, IT, and professional services since April 2026. Symantec and Carbon Black's Threat Hunter Team linked it to an initial access broker named KongTuke and campaigns called ClickFix and ModeloRAT.
Mentioned
Related Signal
Adjacent reporting
- Stealthy Mistic backdoor linked to ransomware access broker KongTuke
- OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack
- Chinese APTs Share Linux Backdoor in Central Asia Telco Attacks
- FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads
- Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API
- New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials