Kaspersky Labs reports that the espionage group HoneyMyte (aka Mustang Panda/Bronze President) has upgraded its toolkit in 2025, shifting from simple document theft to active, invasive surveillance of victims. The group has retooled the CoolClient backdoor, deployed browser-login stealers and keylogging/clipboard-monitoring scripts, and now exfiltrates data covertly via public file-sharing services like Pixeldrain.
Key points
- HoneyMyte resurfaced in 2025 with significantly enhanced espionage tools.
- The group shifted from stealing documents to real-time surveillance, including keylogging and clipboard capture.
- The CoolClient backdoor was updated and multiple browser-login stealer variants were deployed.
- Stolen data is covertly exfiltrated using public file-sharing services such as Pixeldrain to evade detection.
- Primary targets remain government entities in Southeast Asia and Europe; defenders should watch for CoolClient, PlugX, and ToneShell indicators.