The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor
• Overview of the attacks In mid-2025, we identified a malicious driver file on computer systems in Asia. • The driver file is signed with an old, stolen, or leaked digital certifi