Back Issues This Week → Calendar → Current Issue → Popular →

All issuesVolume 339, Issue 4IT Vendor NewsSymantec

Backdoor.Mistic: New Backdoor May Be Linked to Ransomware Access Broker

Symantec, Wednesday, June 24th, 2026

Symantec analyzes Backdoor.Mistic, a stealthy in-memory backdoor possibly tied to ransomware access broker Woodgnat.

Symantec's Threat Hunter Team detailed Backdoor.Mistic, a stealthy malware deployed since April 2026 that may be linked to Woodgnat, a ransomware access broker known for the ModeloRAT toolkit.

The backdoor executes payloads in memory without writing files to disk and includes a self-deletion feature, enabling prolonged, undetected access. Woodgnat has been associated with multiple ransomware operations including Qilin, Interlock, and Black Basta.

It primarily targets organizations in insurance, education, IT, and professional services through opportunistic methods.

more →  ·  More from Symantec →