Mustang Panda, a Chinese espionage group, has been deploying advanced kernel-mode rootkits and signed drivers to evade detection in their cyberattacks targeting Asian governments and military organizations. The group's evolving tactics include using sophisticated techniques like API obfuscation and registry monitoring to stealthily infiltrate and persist in victims' systems. #MustangPanda #ToneShell
Key points
- Mustang Panda has recently employed a kernel-mode rootkit using a signed driver to conceal its operations.
- The group targets government and military entities primarily in East Asia and Europe.
- The attackers use new tools, including an EDR evasion driver, to enhance stealth in their campaigns.
- The backdoor ToneShell is now delivered through kernel-mode loaders, increasing its resilience against detection.
- Advanced obfuscation techniques, like API hash resolution and registry monitoring, are used to evade security measures.
Read More: https://www.securityweek.com/chinese-apt-mustang-panda-caught-using-kernel-mode-rootkit/