Skip to content
The Nexus
DossierENTITY

KongTuke

Coverage of KongTuke in the Nexus archive.

Earliest in view: May 14 · 12:12 UTCMost recent: Jun 25 · 08:54 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJun 25 · 08:54 UTCTHE HACKER NEWS
    New Mistic Backdoor Linked to KongTuke in ClickFix and ModeloRAT Campaigns

    A new backdoor named Mistic (MLTBackdoor) has been used in financially motivated attacks targeting organizations in insurance, education, IT, and professional services since April 2026. Symantec and Carbon Black's Threat Hunter Team linked it to an initial access broker named KongTuke and campaigns called ClickFix and ModeloRAT.

  • SECURITYJun 24 · 10:41 UTCBLEEPING COMPUTER
    Stealthy Mistic backdoor linked to ransomware access broker KongTuke

    A new backdoor called Mistic has been detected in financially motivated cyberattacks targeting organizations in insurance, education, IT, and professional services sectors. The backdoor is linked to a ransomware access broker named KongTuke.

  • SECURITYMay 14 · 12:12 UTCBLEEPING COMPUTER
    KongTuke hackers now use Microsoft Teams for corporate breaches

    KongTuke hackers are using Microsoft Teams for social engineering attacks to gain access to corporate networks, taking as little as five minutes to achieve persistent access. The group, an initial access broker, has shifted its tactics to exploit the popular communication platform. This change in strategy allows them to breach corporate security more efficiently.

KongTuke · Dossier · The Nexus