Dossier
Mistic
Coverage of Mistic in the Nexus archive.
- New Mistic Backdoor Linked to KongTuke in ClickFix and ModeloRAT Campaigns
A new backdoor named Mistic (MLTBackdoor) has been used in financially motivated attacks targeting organizations in insurance, education, IT, and professional services since April 2026. Symantec and Carbon Black's Threat Hunter Team linked it to an initial access broker named KongTuke and campaigns called ClickFix and ModeloRAT.
- Stealthy Mistic backdoor linked to ransomware access broker KongTuke
A new backdoor called Mistic has been detected in financially motivated cyberattacks targeting organizations in insurance, education, IT, and professional services sectors. The backdoor is linked to a ransomware access broker named KongTuke.