Mustang Panda, a China-aligned threat actor, has upgraded its malware toolkit with the new backdoor TONESHELL and a USB worm called SnakeDisk, primarily targeting Thai infrastructure. These tools exhibit sophisticated evasion techniques and regional geofencing, demonstrating the group's evolving cyber espionage capabilities. #MustangPanda #Hive0154
Key points
- Mustang Panda is known for targeting Southeast Asia with advanced malware tools.
- The updated TONESHELL malware family supports covert C2 communication and anti-detection features.
- SnakeDisk is a USB worm designed to detect and propagate via infected USB devices in Thailand.
- Yokai backdoor enables remote command execution and maintains persistence on compromised hosts.
- The threat actor maintains a large, evolving malware ecosystem with multiple attack campaigns.
Read More: https://thehackernews.com/2025/09/mustang-panda-deploys-snakedisk-usb.html