Mustang Panda Strikes Again: The Comedic Misadventures of a Kernel-Mode Rootkit in Asia
Mustang Panda rides again! The Chinese APT is hitting Asian targets with a kernel-mode rootkit, says Kaspersky. The espionage group, also known as HoneyMyte, has been deploying the sneaky ToneShell backdoor, making security tools feel like they’re trying to catch a greased pig at a county fair.

Hot Take:
**_Well, well, well, Mustang Panda is back and galloping through the digital wild west like a cyber cowboy with a shiny new rootkit saddle. While we were all busy trying to remember our passwords, they were out here making malware magic happen. It seems the Panda has upgraded from bamboo to full-on cyber-espionage gourmet, with a side of kernel-mode rootkit and a dash of ToneShell backdoor. Hats off to Kaspersky for playing the role of the digital zookeeper, keeping an eye on these wild beasts._**
Key Points:
– Mustang Panda, a Chinese APT also tracked as HoneyMyte, is targeting East Asian and European government and military entities.
– It is using a kernel-mode rootkit to deploy the ToneShell backdoor.
– The rootkit ships as a signed driver file that loads as a file-system mini-filter driver, so it sits in the I/O path that security products themselves rely on.
– The driver is obfuscated to hinder detection and removal.
– Two user-mode payloads are delivered, one of them a shellcode stage that introduces a delay before further execution (typically a sandbox-evasion tactic).
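The practical takeaway from the "signed mini-filter" point is that a valid signature is not a clean bill of health. The PowerShell below is an added triage check, not code from Kaspersky's report or from any Mustang Panda sample: it enumerates every registered minifilter on a Windows host, marks which ones are currently attached (via `fltmc`), resolves each driver image, and checks its Authenticode signature. The publisher allowlist, the "expected path" rule and the CSV output name are assumptions of this script, not indicators from the report. Run it elevated.

```powershell
# Added triage example (not from the Kaspersky report): audit minifilter drivers.
# Assumptions: run as Administrator; publisher allowlist below is a starting point
# (extend it with your EDR/AV/backup vendors before trusting the "Review" column).
$trustedPublishers = @(
    'CN=Microsoft Windows',                                   # inbox drivers
    'CN=Microsoft Windows Hardware Compatibility Publisher'   # WHCP-attested third-party drivers
)

# Filter names currently attached, per fltmc (first two lines are the header and rule).
$loaded = fltmc.exe filters | Select-Object -Skip 2 |
    ForEach-Object { ($_.Trim() -split '\s+')[0] } |
    Where-Object { $_ }

function Resolve-DriverImage {
    # Turn the service's ImagePath into a file-system path. Handles the forms
    # \SystemRoot\..., system32\drivers\x.sys, \??\C:\..., and the default when ImagePath is absent.
    param([string]$ServiceName, [string]$ImagePath)
    if (-not $ImagePath) { return (Join-Path $env:SystemRoot "System32\drivers\$ServiceName.sys") }
    $p = $ImagePath -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', [regex]::Escape($env:SystemRoot).Replace('\\', '\')
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

# Minifilters are the services that carry an "Instances" subkey with an altitude.
$results = Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' |
    Where-Object { Test-Path (Join-Path $_.PSPath 'Instances') } |
    ForEach-Object {
        $name = $_.PSChildName
        $svc  = Get-ItemProperty $_.PSPath
        $inst = Get-ItemProperty (Join-Path $_.PSPath 'Instances')
        $alt  = $null
        if ($inst.DefaultInstance) {
            $alt = (Get-ItemProperty (Join-Path $_.PSPath "Instances\$($inst.DefaultInstance)") `
                    -ErrorAction SilentlyContinue).Altitude
        }

        $file = Resolve-DriverImage -ServiceName $name -ImagePath $svc.ImagePath
        $sig  = if (Test-Path $file) { Get-AuthenticodeSignature -FilePath $file } else { $null }
        $signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }

        # Reasons a human should look at this driver. Any non-empty value means "review", not "malicious".
        $flags = @()
        if (-not $sig)                     { $flags += 'image-missing' }
        elseif ($sig.Status -ne 'Valid')   { $flags += "sig-$($sig.Status)" }
        if ($sig -and -not ($trustedPublishers | Where-Object { $signer -like "$_*" })) { $flags += 'unlisted-publisher' }
        if ($file -notlike "$env:SystemRoot\System32\drivers\*") { $flags += 'unusual-path' }

        [pscustomobject]@{
            Filter    = $name
            Loaded    = ($loaded -contains $name)
            Altitude  = $alt
            Image     = $file
            SigStatus = if ($sig) { $sig.Status } else { 'n/a' }
            Signer    = $signer
            Review    = ($flags -join ',')
        }
    }

$results | Sort-Object Loaded -Descending | Format-Table -AutoSize
# Attached filters that raised at least one flag, for the incident ticket (output name is an assumption).
$results | Where-Object { $_.Loaded -and $_.Review } |
    Export-Csv -NoTypeInformation -Path .\minifilter-review.csv
```

Two caveats matter when reading the output. First, a `Valid` status only proves the binary was signed with a certificate Windows trusts; a driver attested through the Hardware Compatibility Program carries a Microsoft publisher subject even though Microsoft did not write it, so compare the certificate thumbprint and the filter's altitude against a known-good baseline from a clean machine rather than trusting the subject string. Second, a kernel-mode rootkit sits below this script: it can hide its own service key, file or filter instance from user-mode tools, so a clean result on a suspected host is not conclusive, and the same check should be repeated from an offline boot (for example a WinPE image mounting the system drive) or reconciled against EDR telemetry collected before the compromise.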
