The threat actor uses a signed driver file containing two user-mode shellcodes to execute its ToneShell backdoor.

The post Chinese APT Mustang Panda Caught Using Kernel-Mode Rootkit appeared first on SecurityWeek.

https://www.securityweek.com/chinese-apt-mustang-panda-caught-using-kernel-mode-rootkit/