Threat Intelligence | 4 min read
Mustang Panda Deploys Kernel-Mode Rootkit to Conceal TONESHELL Backdoor
Chinese APT uses stolen certificate to sign malicious driver that disables security tools. First documented case of TONESHELL delivered via kernel-mode loader.
Alex Kowalski | Dec 30, 2025