Chinese state hackers use rootkit to hide ToneShell malware activity

A new sample of the ToneShell backdoor, typically seen in Chinese cyberespionage campaigns, has been delivered through a kernel-mode loader in attacks against government organizations.
The Hacker News

Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor

Mustang Panda deployed TONESHELL via a signed kernel-mode rootkit, targeting Asian government networks and evading security ...
SecurityWeek

Chinese APT Mustang Panda Caught Using Kernel-Mode Rootkit

The China-linked Mustang Panda APT has been using a kernel-mode rootkit in attacks leading to ToneShell backdoor deployments.

While Microsoft is obsessed with AI, Valve is stealing PC gaming away

Microsoft’s big focus for Windows is AI integration. Meanwhile, Valve has been not-so-quietly pilfering the entire PC gaming ...
BBC Technology

The rootkit of all evil?

Sony BMG, the record company part of the multinational corporation that makes laptops, TVs, movies and many other things, is in trouble this week thanks to a copy protection scheme it has used on a ...

Researchers identify new ToneShell backdoor targeting government agencies

To defend against the new attacks, the researchers advise memory forensics as the number one way of spotting ToneShell ...
Cybernews

Chinese state hackers plant malware inside Windows

The Chinese-linked group Mustang Panda used a kernel-level rootkit to deploy undetectable TONESHELL malware, targeting ...
The Record

Threat actor uses HP iLO rootkit to wipe servers

An Iranian cyber-security firm said it discovered a first-of-its-kind rootkit that hides inside the firmware of HP iLO devices and which has been used in real-world attacks to wipe servers of Iranian ...
GitHub

Enhancement: Show Symbolic Link and Resolved File in Warnings #5

Hi team, thanks for maintaining rkhunter. I’ve encountered a situation that inspired this small enhancement suggestion. I hope it’s helpful, and I’m happy to clarify or revise if needed. Thanks for ...