The article discusses a new remote access trojan (RAT) called Backdoor.Mistic, deployed by an initial access broker (IAB) known as Woodgnat or KongTuke, which is linked to several ransomware groups. Active since May 2024, Woodgnat targets various sectors, including education and IT, with opportunistic attacks. The RAT allows attackers to manipulate files, execute code, and exfiltrate data.
Notable tactics include using compromised WordPress sites and social engineering via Microsoft Teams to execute malicious PowerShell commands. The IAB has also previously used another RAT, ModeloRAT, and profiles machines to assess their value for sale.