Chinese state hackers use rootkit to hide ToneShell malware activity

A new sample of the ToneShell backdoor, typically seen in Chinese cyberespionage campaigns, has been delivered through a kernel-mode loader in attacks against government organizations.

Researchers identify new ToneShell backdoor targeting government agencies

To defend against the new attacks, the researchers advise memory forensics as the number one way of spotting ToneShell ...