The HoneyMyte cyber-espionage group has enhanced its toolkit by deploying a sophisticated kernel-mode rootkit to infiltrate government networks in Southeast Asia. This shift in tactics emphasizes stealth, resilience, and long-term access: the group pairs advanced malware such as ToneShell with techniques that bypass traditional detection methods. #HoneyMyte #ToneShell
Key points
- HoneyMyte has deployed a new kernel-mode rootkit, ProjectConfiguration.sys, in its latest campaign.
- The driver is signed with a stolen digital certificate from Guangzhou Kingteller Technology Co., Ltd., to bypass security checks.
- The malware manipulates system drivers to disable security tools like Microsoft Defender, enhancing stealth.
- ToneShell, the group's signature backdoor, is now delivered through a kernel-mode loader to better evade detection.
- The campaign targets governments in Myanmar and Thailand, aiming for long-term access to high-value intelligence assets.
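As an added defender-side example (not code from the report summarised here), the PowerShell check below audits the loaded kernel drivers on a Windows host and flags any whose file name or Authenticode signer subject matches the indicators quoted in the key points above; the exact certificate subject string is an assumption derived from the company name in the text.

```powershell
# Added example (not from the original report): audit loaded kernel drivers and
# flag any whose file name or Authenticode signer matches the indicators above.
# Both watch lists are constructed from the key points on this page.
$WatchedDriverNames = @('ProjectConfiguration.sys')
$WatchedSignerNames = @('Guangzhou Kingteller Technology Co., Ltd.')   # assumed subject text

function Resolve-DriverPath {
    param([string]$PathName)
    # Win32_SystemDriver reports paths in several kernel-style forms; normalise them
    # to a plain Win32 path that Get-AuthenticodeSignature can open.
    $p = $PathName -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    $p = $p -replace '^System32\\', "$env:SystemRoot\System32\"
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-SuspiciousDrivers {
    Get-CimInstance Win32_SystemDriver | ForEach-Object {
        if (-not $_.PathName) { return }            # some entries carry no path
        $path = Resolve-DriverPath $_.PathName
        if (-not (Test-Path -LiteralPath $path)) { return }
        $sig     = Get-AuthenticodeSignature -FilePath $path
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        $nameHit = $WatchedDriverNames -contains (Split-Path $path -Leaf)
        # A stolen certificate still chains to a trusted root until it is revoked, so
        # $sig.Status alone is not a reliable indicator; compare the signer subject too.
        $signerHit = @($WatchedSignerNames | Where-Object { $subject -like "*$_*" }).Count -gt 0
        if ($nameHit -or $signerHit) {
            [pscustomobject]@{
                Name      = $_.Name
                Path      = $path
                State     = $_.State
                SigStatus = $sig.Status
                Signer    = $subject
                Reason    = if ($nameHit) { 'driver name' } else { 'signer subject' }
            }
        }
    }
}

Get-SuspiciousDrivers | Format-Table -AutoSize
```

Run it in an elevated session so every driver image is readable; an empty table means neither indicator was found among currently registered drivers, not that the host is clean.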