Mustang Panda Strikes Again: New TONESHELL Backdoor Targets Asia with Stealthy Kernel-Mode Tactics
Mustang Panda is back with a vengeance, unleashing its latest kernel-mode rootkit driver to deliver the TONESHELL backdoor. This cyber espionage campaign, targeting Southeast and East Asian governments, amounts to breaking and entering with a borrowed key: the driver is signed with a digital certificate stolen from an ATM company. Looks like cybersecurity’s got pandas in the system, and they’re not here for bamboo!

Hot Take:
Who needs Netflix when you have real-life cyber espionage thrillers like Mustang Panda’s latest escapade? This hacking group is on a mission to outdo the best spy novels, complete with stolen certificates, kernel-mode rootkits, and a backdoor that’s sneakier than a cat burglar. It’s like Mission Impossible, but with fewer explosions and more computer screens. Can someone get Tom Cruise to play the hacker in this one?
Key Points:
– Mustang Panda has developed a new kernel-mode rootkit driver to deliver the TONESHELL backdoor.
– The backdoor targets government organizations in Southeast and East Asia, including Myanmar and Thailand.
– The rootkit driver is signed with a stolen digital certificate so that it loads without raising alarms, and it shields the malicious files it deploys.
– TONESHELL’s C2 infrastructure was set up in 2024, but the campaign began in February 2025.
– The rootkit driver boasts advanced features to evade detection by antivirus programs.
