Chinese state hackers use rootkit to hide ToneShell malware activity

A new sample of the ToneShell backdoor, typically seen in Chinese cyberespionage campaigns, has been delivered through a kernel-mode loader in attacks against government organizations.
SecurityWeek

Chinese APT Mustang Panda Caught Using Kernel-Mode Rootkit

The China-linked Mustang Panda APT has been using a kernel-mode rootkit in attacks leading to ToneShell backdoor deployments.
Dark Reading

Hackers Target Gamers With Microsoft-Signed Rootkit

A new campaign targeting gaming users in China is the latest example of how threat actors are increasingly using sophisticated rootkits to hide malicious payloads, disable security tools, and maintain ...
CRN

Microsoft Exec: Windows Will Enable Security Tools To Run ‘Outside Of Kernel Mode’

Following the massive Windows outage in July caused by a defective CrowdStrike update, Microsoft is working on a way to allow security products to ‘run in user mode just as apps do,’ Microsoft’s David ...
TechRepublic

Cisco Talos Reports Microsoft Windows Policy Loophole Being Exploited by Threat Actor

Cisco Talos Reports Microsoft Windows Policy Loophole Being Exploited by Threat Actor Your email has been sent Why malicious kernel-mode drivers are a severe threat Tools to exploit the loophole have ...
Forbes

Dangerous Windows 10, 11 And Server Rootkit Exploited By Hackers

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. The notorious and highly prolific North Korean Lazarus ...