🟠 High | Source: The Register — Security
A self-destructing backdoor called Mistic has been linked to an initial access broker (IAB) that sells compromised corporate network footholds to ransomware gangs. The malware has been observed in intrusions targeting insurance, education, IT, and professional services organisations. Its self-destruct capability makes post-incident forensic investigation significantly harder, raising the stakes for early detection.
Security Architect’s Take: Prioritise robust egress filtering, endpoint detection with behavioural analytics, and network segmentation to limit lateral movement from any initial compromise. Review identity and access controls for externally exposed services, and ensure logging pipelines capture short-lived process and file activity before self-deletion can occur.
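The last recommendation, capturing short-lived process and file activity before a binary removes itself, only pays off if something correlates those two streams. The following Python is an added illustration, not code from the article or anything tied to the reported malware: it joins process-create and file-delete telemetry and flags any executable whose on-disk image is deleted within a window of its process starting, noting whether the deletion came from that process or one of its descendants. The records are constructed in a simplified Sysmon-style JSON shape (EventID 1 ProcessCreate, EventID 23 FileDelete); the field names follow Sysmon, but the paths, GUIDs and timestamps are made up.

```python
"""Flag executables deleted shortly after they start (self-deleting binaries).

Added example; event layout is a simplified, constructed Sysmon-style JSON
shape (EventID 1 = ProcessCreate, EventID 23 = FileDelete). Values are made up.
"""
from __future__ import annotations

import json
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample telemetry (not indicators from the article). Raw string so
# the JSON backslash escapes survive; json.loads turns "\\" into one backslash.
SAMPLE_EVENTS = r"""
{"EventID": 1, "UtcTime": "2024-05-01 10:00:00.000", "ProcessGuid": "{a1}", "ParentProcessGuid": "{p0}", "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe"}
{"EventID": 1, "UtcTime": "2024-05-01 10:00:02.000", "ProcessGuid": "{a2}", "ParentProcessGuid": "{a1}", "Image": "C:\\Windows\\System32\\cmd.exe"}
{"EventID": 23, "UtcTime": "2024-05-01 10:00:03.500", "ProcessGuid": "{a2}", "Image": "C:\\Windows\\System32\\cmd.exe", "TargetFilename": "C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe"}
{"EventID": 1, "UtcTime": "2024-05-01 10:05:00.000", "ProcessGuid": "{b1}", "ParentProcessGuid": "{p0}", "Image": "C:\\Program Files\\Vendor\\installer.exe"}
{"EventID": 23, "UtcTime": "2024-05-01 12:30:00.000", "ProcessGuid": "{p0}", "Image": "C:\\Windows\\explorer.exe", "TargetFilename": "C:\\Program Files\\Vendor\\installer.exe"}
"""

TIME_FMT = "%Y-%m-%d %H:%M:%S.%f"


@dataclass
class Finding:
    image: str                       # executable whose on-disk file was removed
    started: datetime                # when that executable's process was created
    deleted: datetime                # when the file-delete event was recorded
    deleter_image: str               # process that performed the deletion
    deleter_is_self_or_child: bool   # deletion came from the process or a descendant


def parse_events(text: str) -> list:
    """Parse newline-delimited JSON events and sort them by UtcTime."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        evt = json.loads(line)
        evt["UtcTime"] = datetime.strptime(evt["UtcTime"], TIME_FMT)
        events.append(evt)
    return sorted(events, key=lambda e: e["UtcTime"])


def _descends_from(guid, ancestor, parent_of) -> bool:
    """True if `guid` is `ancestor` or one of its descendants (cycle-safe)."""
    seen = set()
    while guid is not None and guid not in seen:
        if guid == ancestor:
            return True
        seen.add(guid)
        guid = parent_of.get(guid)
    return False


def find_self_deleting(events, window: timedelta = timedelta(seconds=120)) -> list:
    """Return a Finding for every executable deleted within `window` of its start."""
    starts = {}     # lower-cased image path -> [(start time, ProcessGuid), ...]
    parent_of = {}  # ProcessGuid -> ParentProcessGuid, for lineage checks
    findings = []
    for evt in events:
        if evt["EventID"] == 1:
            image = evt["Image"].lower()
            starts.setdefault(image, []).append((evt["UtcTime"], evt["ProcessGuid"]))
            parent_of[evt["ProcessGuid"]] = evt.get("ParentProcessGuid")
        elif evt["EventID"] == 23:
            target = evt["TargetFilename"].lower()
            for started, guid in starts.get(target, []):
                age = evt["UtcTime"] - started
                if timedelta(0) <= age <= window:
                    findings.append(Finding(
                        image=evt["TargetFilename"],
                        started=started,
                        deleted=evt["UtcTime"],
                        deleter_image=evt["Image"],
                        deleter_is_self_or_child=_descends_from(
                            evt["ProcessGuid"], guid, parent_of),
                    ))
    return findings


if __name__ == "__main__":
    for f in find_self_deleting(parse_events(SAMPLE_EVENTS)):
        secs = (f.deleted - f.started).total_seconds()
        print(f"{f.image} deleted {secs:.1f}s after start by {f.deleter_image} "
              f"(self/child: {f.deleter_is_self_or_child})")
```

With the default two-minute window only the temp-directory binary is reported, because the installer's file was removed hours later by an unrelated process; widening the window surfaces that second deletion too, but the lineage flag stays false for it, which is the signal an analyst would use to rank the two. The correlation depends on both event types being shipped off-host promptly, which is the pipeline property the recommendation above is asking for.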
Original advisory: Self-destructing Mistic backdoor linked to access broker selling corporate footholds to ransomware gangs