The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor
Kaspersky discloses a 2025 HoneyMyte (aka Mustang Panda or Bronze President) APT campaign, which uses a kernel-mode rootkit to deliver and protect a ToneShell backdoor.
Kaspersky GReAT experts analyze the Evasive Panda APT’s infection chain, including shellcode encrypted with DPAPI and RC5, as well as the MgBot implant.
Kaspersky expert describes new malicious tools employed by the Cloud Atlas APT, including implants of their signature backdoors VBShower, VBCloud, PowerShower, and CloudAtlas.
Kaspersky’s GReAT experts have uncovered a new wave of cyberattacks by the ForumTroll APT group, targeting Russian political scientists and delivering the Tuoni framework to their devices.