Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor
Description
Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor Source: https://thehackernews.com/2025/12/mustang-panda-uses-signed-kernel-driver.html
Technical Details
- Source Type
- Subreddit: InfoSecNews
- Reddit Score: 1
- Discussion Level: minimal
- Content Source: reddit_link_post
- Domain: thehackernews.com
- Newsworthiness Assessment: {"score":58.1,"reasons":["external_link","trusted_domain","newsworthy_keywords:backdoor,rootkit","established_author","very_recent"],"isNewsworthy":true,"foundNewsworthy":["backdoor","rootkit"],"foundNonNewsworthy":[]}
- Has External Source: true
- Trusted Domain: true
Threat ID: 6953a66171a94549f1b967f5
Added to database: 12/30/2025, 10:16:01 AM
Last updated: 12/30/2025, 12:31:39 PM
Views: 11