Mistic Backdoor and ModeloRAT Deployed in Financially Motivated Attacks Linked to KongTuke

9d ago · 1 min read · en · News

Summary

A financially motivated cyberattack campaign, active since April 2026, deploys the Mistic backdoor (MLTBackdoor) alongside ModeloRAT and targets insurance, education, IT, and professional services organizations. The operation is linked to the initial access broker KongTuke (also tracked under multiple aliases). ModeloRAT was first identified in January 2026 by Huntress in a ClickFix campaign variant called CrashFix, which used a malicious Chrome extension disguised as an ad blocker.

Source

bsky · Mistic Backdoor and ModeloRAT Deployed in Financially Motivated Attacks Linked to KongTuke · briefly.co

Key quotes

Mistic (also tracked as MLTBackdoor) has been deployed since April 2026 in financially motivated attacks targeting insurance, education, IT, and professional services organizations.
The backdoor is linked to initial access broker KongTuke, also known by 404 TDS, Chaya_002, LandUpdate808, TAG-124, and Woodgnat, and it is dropped alongside ModeloRAT, a Python RAT previously attributed to the same group.
ModeloRAT was first flagged in January 2026 by Huntress in connection with a ClickFix campaign variant called CrashFix, where a malicious Chrome extension masquerading as an ad blocker crashed br
Snippet from the RSS feed
Mistic is a stealthy in-memory backdoor tied to KongTuke, delivered via ClickFix campaigns, using DLL side-loading and DNS staging for low-visibility access.
