SecurityWeek

Chinese APT Mustang Panda Caught Using Kernel-Mode Rootkit

The China-linked Mustang Panda APT has been using a kernel-mode rootkit in attacks leading to ToneShell backdoor deployments.
The Hacker News

Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor

Mustang Panda deployed TONESHELL via a signed kernel-mode rootkit, targeting Asian government networks and evading security ...

Chinese state hackers use rootkit to hide ToneShell malware activity

A new sample of the ToneShell backdoor, typically seen in Chinese cyberespionage campaigns, has been delivered through a kernel-mode loader in attacks against government organizations.
Dark Reading

5 Threats That Defined Security in 2025

2025 included a number of monumental threats, from global nation-state attacks to a critical vulnerability under widespread ...
Crowdfund Insider

Malware Injected into System Processes by Threat Actors Targeting China, Turkey : Research

Kaspersky has released new research findings on a sophisticated cyber espionage campaign by the Evasive Panda threat actor.
TechJuice

New Evasive Panda Attacks Use DNS in Stealthy Cyberattacks

China-linked Evasive Panda is abusing DNS techniques to hide malware traffic, raising new concerns for governments and ...
The Hacker News

China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware

China-linked Evasive Panda used DNS poisoning to deliver the MgBot backdoor in targeted espionage attacks from 2022 to 2024.