Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor

Security Aid December 30, 2025 1 minute read

The Chinese hacking group known as Mustang Panda has leveraged a previously undocumented kernel-mode rootkit driver to deliver a new variant of backdoor dubbed TONESHELL in a cyber attack detected in mid-2025 targeting an unspecified entity in Asia.
The findings come from Kaspersky, which observed the new backdoor variant in cyber espionage campaigns mounted by the hacking group targetingThe Chinese hacking group known as Mustang Panda has leveraged a previously undocumented kernel-mode rootkit driver to deliver a new variant of backdoor dubbed TONESHELL in a cyber attack detected in mid-2025 targeting an unspecified entity in Asia.
The findings come from Kaspersky, which observed the new backdoor variant in cyber espionage campaigns mounted by the hacking group targeting The Hacker NewsRead More

About The Author

Security Aid

See author's posts

Security Aid

Related Stories

8 Cybersecurity Acquisitions Surpassed $1 Billion Mark in 2025

Silver Fox Targets Indian Users With Tax-Themed Emails Delivering ValleyRAT Malware

Chinese APT Mustang Panda Caught Using Kernel-Mode Rootkit