Maisto International
| Primary URL | Location | Industry | maisto[.]com |
Country
United Kingdom
|
Manufacturing
|
|---|
Profile
The organization is known publicly by the two aliases Maisto.com and Maisto International, under which it conducts its online activities. Its principal place of business and registered headquarters is located in the United Kingdom, indicating the jurisdiction under which it operates. On 29 April 2016, the organization's web presence became the vector for a significant cyber security incident that was later documented by researchers. During this event, attackers employed the Angler exploit kit, a notorious toolkit used to automate the delivery of malware through browser vulnerabilities. The malicious code was injected directly onto the site's homepage, meaning that any visitor who loaded the page was potentially exposed to the exploit without any additional interaction.
The exploit chain took advantage of outdated and unpatched versions of widely used browser plugins, including Adobe Flash, Java, Silverlight, and Internet Explorer, which were still present on many end‑user systems at the time. When a vulnerable plugin was encountered, the Angler kit facilitated a drive‑by download that installed CryptXXX ransomware onto the visitor's computer, encrypting personal files and displaying a ransom note. Forensic analysis indicated that the underlying web server was running an outdated release of the Joomla content management system, a factor that likely allowed the attackers to gain the necessary privileges to inject the malicious payload. Despite the encryption performed by CryptXXX, researchers later discovered a flaw in the ransomware's cryptographic implementation that enabled victims to recover their data without acceding to the attackers' payment demands. The episode illustrates how even a domain that users perceive as trustworthy can become a distribution point for threats when software maintenance is neglected, reinforcing the importance of timely patching, strict plugin controls, and maintaining isolated, offline backups. Beyond the details of this incident, the publicly available sources do not disclose information about the organization's core products, services, market focus, size, or any ownership or subsidiary relationships.
