Mistic Backdoor Deployed by Ransomware Access Broker KongTuke

The Point: The Mistic backdoor is being deployed by ransomware access broker KongTuke in targeted attacks against insurance companies, educational institutions, and IT firms.

A newly discovered backdoor named Mistic is being used in financially motivated attacks against organizations in the insurance, education, IT, and professional services sectors. The malware has been attributed to the ransomware access broker KongTuke.

The Mistic backdoor first appeared in targeted attacks on enterprises across multiple industries, with organizations in the insurance, education, IT, and consulting sectors particularly affected. The malware has been closely linked to the known ransomware access broker KongTuke.

For CISO teams, this development is significant because access brokers like KongTuke serve as entry points for large-scale compromises. They conduct reconnaissance on systems, install persistent backdoors, and then sell access to ransomware operators or other threat actors. Mistic thus represents an immediate threat in the early stages of a ransomware attack chain.

Organizations in the sectors mentioned above should review their network detections for Mistic indicators and unusual backdoor activity. Prioritizing the hardening of RDP, VPN, and email-based access vectors is essential to closing off such entry points.


Source: www.bleepingcomputer.com · Published June 24, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.
