Chinese state hackers use rootkit to hide ToneShell malware activity

A new sample of the ToneShell backdoor, typically seen in Chinese cyberespionage campaigns, has been delivered through a kernel-mode loader in attacks against government organizations.

Researchers identify new ToneShell backdoor targeting government agencies

To defend against the new attacks, the researchers advise memory forensics as the number one way of spotting ToneShell ...
SecurityWeek

Chinese APT Mustang Panda Caught Using Kernel-Mode Rootkit

The China-linked Mustang Panda APT has been using a kernel-mode rootkit in attacks leading to ToneShell backdoor deployments.
ZDNet

Trend Micro ships free 'rootkit buster'

Trend Micro has quietly released a rootkit scanning/cleaning utility, belatedly joining the list of anti-vendors pushing out free standalone tools to nab the stealthy computer threats. Trend Micro's ...
The Hacker News

Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor

Mustang Panda deployed TONESHELL via a signed kernel-mode rootkit, targeting Asian government networks and evading security ...
Infosecurity-magazine.com

New Syslogk Linux Kernel Rootkit Uses "Magic Packets" to Trigger Remote Backdoor Access

A new Linux kernel rootkit dubbed ‘syslogk’ has been spotted in the wild by Avast cybersecurity researchers. According to an advisory by David Álvarez and Jan Neduchal, syslogk would be able to cloak ...
Bleeping Computer

APT28 Uses LoJax, First UEFI Rootkit Seen in the Wild

Security researchers tracking the operations of a cyber-espionage group found the first evidence of a rootkit for the Unified Extensible Firmware Interface (UEFI) being used in the wild. The threat ...
CRN

Researchers Discover Rootkit Variation

When combined with Web threats, the new rootkit is proving to be both a destructive and prolific combination, security experts say. The rootkit models a similar virus from several years ago but with ...