Chinese APT Mustang Panda Caught Using Kernel-Mode Rootkit
The threat actor uses a signed driver file containing two user-mode shellcodes to execute its ToneShell backdoor. The post "Chinese APT Mustang Panda Caught Using Kernel-Mode Rootkit" appeared first on SecurityWeek.
Threat ID: 6953a65771a94549f1b964e6
Added to database: 12/30/2025, 10:15:51 AM
Last updated: 12/30/2025, 11:21:59 AM
Related Threats
CVE-2025-15245: Path Traversal in D-Link DCS-850L (Medium)
CVE-2025-15244: Race Condition in PHPEMS (Medium)
CVE-2025-15243: SQL Injection in code-projects Simple Stock System (Medium)
CVE-2025-15241: Open Redirect in CloudPanel Community Edition (Medium)
Korean Air Data Compromised in Oracle EBS Hack (Medium)