SecurityWeek

Chinese APT Mustang Panda Caught Using Kernel-Mode Rootkit

The threat actor uses a signed driver file containing two user-mode shellcodes to execute its ToneShell backdoor. The Chinese espionage-focused APT Mustang Panda has been using a kernel-mode rootkit ...