A newly discovered backdoor, dubbed Mistic, has been used in enterprise intrusions since April, with researchers from Symantec linking it to an initial access broker that supplies network footholds to ransomware gangs. Mistic has been deployed on networks across multiple sectors, including insurance, education, and IT. Notably, it has been used in conjunction with ModeloRAT, a Python-based malware associated with the threat actor Woodgnat. The use of Mistic alongside other malware suggests a complex and potentially devastating attack strategy. Organizations should be vigilant for signs of Mistic and ModeloRAT, as their presence can indicate a heightened risk of ransomware attacks [1]. The identification of Mistic highlights the need for practitioners to stay informed about emerging threats and to prioritize robust network security measures to prevent initial access and subsequent malicious activity.
Be on the lookout for Mistic, a new backdoor used by ransomware broker
⚡ High Priority
Why This Matters
In some cases it has been used alongside ModeloRAT, a piece of malware written in Python that’s associated with threat actor Woodgnat, also know
References
- CSO Online. (2026, June 24). Be on the lookout for Mistic, a new backdoor used by ransomware broker. CSO Online. https://www.csoonline.com/article/4189132/be-on-the-lookout-for-mistic-a-new-backdoor-used-by-ransomware-broker.html
Original Source
CSO Online