Key Findings

Mustang Panda (aka HoneyMyte, Camaro Dragon, RedDelta, Bronze President) used a signed kernel-mode rootkit driver to deploy its ToneShell backdoor in attacks targeting government entities in Southeast and East Asia, especially Myanmar and Thailand. The driver file, named "ProjectConfiguration.sys", is signed with a stolen or leaked digital certificate from Guangzhou Kingteller Technology Co., Ltd. (serial number 08 01 CC 11 EB 4D 1D 33 1E 3D 54 0C 55 A4 9F 7F). T
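
A defensive hunt for the two indicators named above (the driver file name and the signing certificate serial number), as an added example that is not part of the original report. The search locations (the System32\drivers directory and the registered system drivers) and the helper name `Resolve-DriverPath` are assumptions, since the page does not say where the driver is installed.

```powershell
# Added example: find drivers matching the file name or certificate serial reported on this page.
$ReportedSerial = '08 01 CC 11 EB 4D 1D 33 1E 3D 54 0C 55 A4 9F 7F' -replace '\s', ''
$ReportedName   = 'ProjectConfiguration.sys'

function Resolve-DriverPath {
    # Hypothetical helper: normalise NT-style prefixes that driver image paths may carry.
    param([string]$Path)
    $root = $env:SystemRoot + '\'
    $p = $Path.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', $root
    $p = $p -replace '^System32\\', ($root + 'System32\')
    return $p
}

# Candidate set (assumed locations): driver files on disk plus every registered system driver.
$paths  = @(Get-ChildItem -Path "$env:SystemRoot\System32\drivers" -Filter *.sys -File -ErrorAction SilentlyContinue |
            Select-Object -ExpandProperty FullName)
$paths += Get-CimInstance -ClassName Win32_SystemDriver |
          Where-Object { $_.PathName } |
          ForEach-Object { Resolve-DriverPath $_.PathName }

$hits = $paths | Sort-Object -Unique | Where-Object { Test-Path -LiteralPath $_ } | ForEach-Object {
    $sig    = Get-AuthenticodeSignature -LiteralPath $_
    $cert   = $sig.SignerCertificate
    $serial = if ($cert) { $cert.SerialNumber } else { '' }   # hex string without spaces

    $serialMatch = $serial -eq $ReportedSerial
    $nameMatch   = [System.IO.Path]::GetFileName($_) -ieq $ReportedName

    if ($serialMatch -or $nameMatch) {
        [pscustomobject]@{
            Path        = $_
            SerialMatch = $serialMatch
            NameMatch   = $nameMatch
            Signer      = if ($cert) { $cert.Subject } else { '(unsigned)' }
            Status      = $sig.Status
            SHA256      = (Get-FileHash -LiteralPath $_ -Algorithm SHA256).Hash
        }
    }
}

$hits | Format-List
```

A serial match on any driver is the stronger signal, because a file name is trivial to change; a name match without a serial match still warrants review of the signer and hash. On a host where a kernel-mode rootkit may already be loaded, live results can be incomplete, so the same check is worth repeating against an offline or mounted disk image.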