Researchers identify new ToneShell backdoor targeting government agencies

To defend against the new attacks, the researchers advise memory forensics as the number one way of spotting ToneShell ...
SecurityWeek

Chinese APT Mustang Panda Caught Using Kernel-Mode Rootkit

The China-linked Mustang Panda APT has been using a kernel-mode rootkit in attacks leading to ToneShell backdoor deployments.
The Hacker News

Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor

Mustang Panda deployed TONESHELL via a signed kernel-mode rootkit, targeting Asian government networks and evading security ...
WeLiveSecurity

Signed kernel drivers – Unguarded gateway to Windows’ core

There are various types of kernel drivers; the first that come to mind are device drivers that provide a software interface to hardware devices like plug and play interfaces or filter drivers. These ...