Lucene search
+L

9 matches found

HackRead
HackRead
added 2025/12/30 3:22 p.m.7 views

HoneyMyte (aka Mustang Panda) Deploys ToneShell Backdoor in New Attacks

HoneyMyte Mustang Panda is back with a new ToneShell backdoor. Read how this stealthy attack blinds Microsoft Defender to target government entities in Asia...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/12/30 8:35 a.m.8 views

Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor

The Chinese hacking group known as Mustang Panda aka HoneyMyte has leveraged a previously undocumented kernel-mode rootkit driver to deliver a new variant of backdoor dubbed TONESHELL in a cyber attack detected in mid-2025 targeting an unspecified entity in Asia. The findings come from Kaspersky,...

7.8AI score
Exploits0
Securelist
Securelist
added 2025/12/29 10:0 a.m.23 views

The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor

Overview of the attacks In mid-2025, we identified a malicious driver file on computer systems in Asia. The driver file is signed with an old, stolen, or leaked digital certificate and registers as a mini-filter driver on infected machines. Its end-goal is to inject a backdoor Trojan into the...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/09/15 6:45 p.m.4 views

Mustang Panda Deploys SnakeDisk USB Worm to Deliver Yokai Backdoor on Thailand IPs

The China-aligned threat actor known as Mustang Panda has been observed using an updated version of a backdoor called TONESHELL and a previously undocumented USB worm called SnakeDisk. "The worm only executes on devices with Thailand-based IP addresses and drops the Yokai backdoor," IBM X-Force...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/17 3:22 p.m.38 views

Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates

The China-linked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in Myanmar with previously unreported tooling, highlighting continued effort by the threat actors to increase the sophistication and effectiveness of their malware. Thi...

9.1CVSS9.5AI score0.99999EPSS
Exploits23
The Hacker News
The Hacker News
added 2024/10/02 3:21 p.m.14 views

China-Linked CeranaKeeper Targeting Southeast Asia with Data Exfiltration

A previously undocumented threat actor called CeranaKeeper has been linked to a string of data exfiltration attacks targeting Southeast Asia. Slovak cybersecurity firm ESET, which observed campaigns targeting governmental institutions in Thailand starting in 2023, attributed the activity cluster ...

7.8AI score
Exploits0
The Hacker News
The Hacker News
added 2023/09/25 6:45 a.m.37 views

New Report Uncovers 3 Distinct Clusters of China-Nexus Attacks on Southeast Asian Government

An unnamed Southeast Asian government has been targeted by multiple China-nexus threat actors as part of espionage campaigns targeting the region over extended periods of time. "While this activity occurred around the same time and in some instances even simultaneously on the same victims'...

8.4AI score
Exploits0
The Hacker News
The Hacker News
added 2023/03/24 9:59 a.m.2 views

Researchers Uncover Chinese Nation State Hackers' Deceptive Attack Strategies

A recent campaign undertaken by Earth Preta indicates that nation-state groups aligned with China are getting increasingly proficient at bypassing security solutions. The threat actor, active since at least 2012, is tracked by the broader cybersecurity community under Bronze President, HoneyMyte,...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2023/03/03 9:56 a.m.66 views

Chinese Hackers Targeting European Entities with New MQsTTang Backdoor

The China-aligned Mustang Panda actor has been observed using a hitherto unseen custom backdoor called MQsTTang as part of an ongoing social engineering campaign that commenced in January 2023. "Unlike most of the group's malware, MQsTTang doesn't seem to be based on existing families or publicly...

0.3AI score
Exploits0
Rows per page
Query Builder