Key Findings HoneyMyte, also known as Mustang Panda or Bronze President, has deployed a sophisticated kernel-mode rootkit to infiltrate government networks in Southeast and East Asia. The rootkit, named ProjectConfiguration.sys, is signed with a stolen digital certificate to bypass security checks. The rootkit acts as a "bodyguard" for HoneyMyte's malware, including the group's signature backdoor ToneShell, by manipulating driver loading order to blind security software like
