TONESHELL

IBM X-Force reports that the Mustang Panda group has deployed an updated TONESHELL backdoor alongside a new USB worm named SnakeDisk, with SnakeDisk geofenced to Thailand and capable of dropping Yokai, a reverse-shell backdoor. The investigation highlights ongoing evolution within Hive0154 and a focus on targeted regional operations.