ShellCodeX
Tools • Events • News • Insights
ShellCodeX Intelligence Brief
HIGH Cybersecurity

Mistic stealth backdoor connects KongTuke and ModeloRAT campaigns

Source headline: New Mistic Backdoor Linked to KongTuke in ClickFix and ModeloRAT Campaigns

Threat level High
Signal strength 78/100
Source confidence 1 source
Published 2 hours ago

Intelligence Summary

Symantec and Carbon Black link a stealthy backdoor called Mistic (also tracked as MLTBackdoor) to financially motivated intrusions. The activity has targeted organizations across insurance, education, IT, and professional services since April 2026. The campaign chain is reported to involve KongTuke as an initial access broker. Victims may see malware staging and persistence attempts under the Mistic name. Organizations should review endpoint detections for MLTBackdoor indicators and validate access broker activity in their environment.

Recommended Action

Review affected assets, schedule urgent remediation, and monitor related indicators.

Topics

#kongtuke #mistic #initial-access-broker #mltbackdoor #modelorat #stealth-backdoor
Original reporting The Hacker News New Mistic Backdoor Linked to KongTuke in ClickFix and ModeloRAT Campaigns
Open original source

Related Pulse Signals

View all signals
Medium · Cybersecurity NIST seeks feedback on revised IoT cybersecurity requirements for federal networks Medium · Cybersecurity DraftKings accounts breach: “Snoopy” hacker gets 18-month sentence High · Cybersecurity Texas activists get decades in prison tied to antifa-related allegations High · Cybersecurity Edgecution Edge extension uses Native Messaging to drop a backdoor