Dec 30, 2025
Mustang Panda Deploys Kernel-Mode Rootkit to Conceal TONESHELL Backdoor
Chinese APT uses stolen certificate to sign malicious driver that disables security tools. First documented case of TONESHELL delivered via kernel-mode loader.
Alex Kowalski