New Mistic backdoor enables stealthy long term access for ransomware brokers (opens in new tab)

A new backdoor named Mistic has emerged in cybercrime campaigns targeting the insurance, education, and IT sectors since April 2026. Security researchers link this malware to the initial access broker KongTuke, also known as Woodgnat, who sells network access to major ransomware groups. The backdoor is frequently deployed alongside ModeloRAT and is often delivered through social engineering tactics or multi-stage infection chains. <a href="