Mistic backdoor linked to ransomware access broker KongTuke
A newly identified backdoor, Mistic, is being used by the KongTuke access broker to facilitate ransomware attacks on corporate networks.
https://hostingpaper.com/article/mistic-backdoor-linked-to-ransomware-access-broker-kongtuke

Mistic backdoor linked to ransomware access broker KongTuke
Security researchers have identified Mistic, a stealthy backdoor malware attributed to the KongTuke initial access broker, which sells network access to ransomware groups. The malware, active since April 2026, enables long-term persistence and in-memory payload execution, evading traditional detect…