The China-aligned threat actor known as Mustang Panda has been observed using an updated version of a backdoor called TONESHELL and a previously undocumented USB worm called SnakeDisk.”The worm only executes on devices with Thailand-based IP addresses and drops the Yokai backdoor,” IBM X-Force researchers Golo Mühr and Joshua Chung said in an analysis published last week.The tech giant’s
First seen on thehackernews.com
Jump to article: thehackernews.com/2025/09/mustang-panda-deploys-snakedisk-usb.html
