New Mistic Backdoor Linked to KongTuke in ClickFix and ModeloRAT Campaigns

The Hacker News
Actively Exploited

Overview

A new backdoor known as Mistic has been discovered in a series of financially motivated cyberattacks targeting organizations across various sectors, including insurance, education, IT, and professional services. This backdoor, also referred to as MLTBackdoor, has been linked to an initial access broker called KongTuke. Researchers from Symantec and Carbon Black's Threat Hunter Team have traced the deployment of Mistic back to April 2026. The stealthy nature of this backdoor raises concerns as it allows attackers to infiltrate systems undetected, potentially leading to data theft or other malicious activities. Organizations in the affected sectors should be on high alert and strengthen their cybersecurity measures to combat this emerging threat.

Key Takeaways

  • Active Exploitation: This backdoor is being actively deployed by attackers. Immediate action is recommended.
  • Affected Systems: Organizations in insurance, education, IT, and professional services sectors
  • Action Required: Organizations should enhance their cybersecurity protocols, monitor for unusual activity, and consider implementing advanced threat detection systems.
  • Timeline: Ongoing since April 2026

Original Article Summary

A new, stealthy backdoor named Mistic has been deployed as part of suspected financially motivated attacks aimed at multiple organizations spanning insurance, education, IT, and professional services sectors since April 2026. According to Symantec and Carbon Black's Threat Hunter Team, the backdoor, also tracked as MLTBackdoor, is said to be linked to an initial access broker (IAB) named

Impact

Organizations in insurance, education, IT, and professional services sectors

Exploitation Status

This backdoor is confirmed to be in active use by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Ongoing since April 2026

Remediation

Organizations should enhance their cybersecurity protocols, monitor for unusual activity, and consider implementing advanced threat detection systems.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Symantec.

Related Coverage

Federal court rules Trump election-focused executive order illegal

CyberScoop

A federal court has ruled that an executive order issued by former President Trump, which aimed to create federal voter lists for each state and limit mail-in ballots through the USPS, is unconstitutional. The court's decision effectively nullifies the provisions of the order, impacting how states manage voter registration and mail-in voting processes. This ruling is significant as it addresses the ongoing debate over election integrity and access, particularly in light of concerns raised about voter suppression. The decision may influence future legislation and executive actions related to elections, as it sets a precedent for the limits of federal authority in state election matters.

Jun 25, 2026

PirloTV sports piracy network disrupted as 44 domains seized

BleepingComputer

Law enforcement agencies have taken significant action against the PirloTV sports piracy network, seizing 44 domains associated with the illegal streaming platform. This crackdown aims to disrupt the distribution of unauthorized sports content, which affects both the rights holders of the broadcasts and legitimate viewers. PirloTV has been known for providing free access to premium sports events without proper licensing, leading to financial losses for broadcasters and sports leagues. The seizure of these domains is a part of ongoing efforts to combat online piracy and protect intellectual property rights. This incident serves as a reminder of the legal risks associated with using unlicensed streaming services, as users may also face repercussions.

Jun 25, 2026

Cisco Vulnerability Exploited Months Before Disclosure, Google Warns

Infosecurity Magazine

A significant security vulnerability in Cisco's Catalyst SD-WAN Manager has been exploited by attackers months before its public disclosure. The flaw, which was revealed in early June, was reportedly being used in attacks as early as March. This situation raises serious concerns for organizations using Cisco's SD-WAN technology, as they may have been at risk for an extended period without knowledge of the threat. Companies are urged to review their systems and apply any available patches to mitigate potential risks. The exploitation of this vulnerability highlights the importance of timely disclosures and the need for vigilance in monitoring systems for suspicious activity.

Jun 25, 2026

ASIO establishes dedicated teams to counter nation-state cyber sabotage

SCM feed for Latest

Australia's Security and Intelligence Organisation (ASIO) has created specialized teams to address cyber sabotage threats from nation-states targeting the country's critical infrastructure. This move, announced by ASIO Director-General Mike Burgess, reflects increasing concerns about foreign interference and cyber attacks aimed at essential services and systems. By focusing resources on these dedicated units, ASIO aims to enhance its capabilities in detecting and mitigating potential cyber incidents that could disrupt public safety and national security. This development is particularly important as nations globally face rising cyber threats, making it crucial for Australia to strengthen its defenses against such risks.

Jun 25, 2026

Webinar: Why account takeovers remain one of the hardest threats to stop

BleepingComputer

Account takeover attacks remain a significant challenge for organizations as attackers often exploit legitimate accounts and trusted services to gain unauthorized access. This issue complicates detection and response efforts for security teams. A recent webinar discussed how behavioral AI can enhance the identification of compromised accounts, enabling quicker responses to these incidents. The focus is on using advanced technology to automate workflows that can mitigate the risks associated with account takeovers. As these attacks can lead to severe data breaches and financial losses, understanding and addressing them is crucial for businesses and their customers.

Jun 25, 2026

Cal Water Finds No Evidence of OT Activity After Hackers Claimed They Could Disrupt Water Supply

SecurityWeek

Cal Water, a utility in California, recently investigated a cyberattack attributed to the Iranian hacker group Handala. Despite the hackers claiming they could disrupt the water supply, Mandiant, the cybersecurity firm assisting in the investigation, found no evidence of any operational technology (OT) activity being compromised. This incident raises concerns about the security of critical infrastructure, especially given the attackers' bold claims. While the immediate threat appears to be contained, it serves as a reminder for utilities and other essential services to remain vigilant against potential cyber threats. Ensuring the integrity of water supplies is crucial for public safety and trust.

Jun 25, 2026