Mistic Backdoor Feeds Qilin, Akira, and Black Basta Operations
Symantec links the stealthy Mistic backdoor to KongTuke, an initial access broker supplying corporate network access to major ransomware gangs.
6 articles tagged with "Initial Access Broker"
Symantec links the stealthy Mistic backdoor to KongTuke, an initial access broker supplying corporate network access to major ransomware gangs.
Aleksei Volkov sentenced to nearly 7 years for selling network access to ransomware gangs. Facilitated dozens of attacks causing over $9 million in losses to US organizations.
GreyNoise traces Ivanti EPMM exploitation to bulletproof hosting on PROSPERO network. Defenders find dormant webshells—signs of initial access broker activity.
Security researchers expose an active campaign using layered evasion techniques to deliver Remcos RAT through MSBuild abuse and .NET Reactor-protected loaders.
Multi-stage malware campaign uses text-based stagers and living-off-the-land binaries to deliver Remcos RAT to enterprise targets.
GreyNoise researchers uncover coordinated campaign exploiting 767 CVEs across 47 technology stacks. Hong Kong-based infrastructure generated 98% of attack traffic on Christmas Day.