PassiveNeuron Cyberespionage Campaign Resurfaces with New Tactics

The PassiveNeuron cyberespionage campaign has re-emerged after a six-month hiatus, targeting government, financial, and industrial organizations with sophisticated malware implants. The campaign primarily exploits Microsoft SQL servers to gain initial access, leveraging vulnerabilities or brute-forcing credentials. Once inside, attackers deploy ASPX web shells and adapt their techniques to evade detection. The campaign employs custom malware like Neursite and NeuralExecutor, along with the Cobalt Strike framework, demonstrating remarkable adaptability and persistence.

Latest mentioned: 10-21

Earliest mentioned: 10-21

Sources

gbhackers.com securelist.com cybersum.net

Also Read

Cyber Espionage Campaign Targets Diplomats with PlugX Malware

A threat actor known as UNC6384 has been targeting European diplomatic entities in a cyber-espionage campaign since September. The group exploits a high-severity Windows vulnerability and uses refined social engineering tactics to deliver PlugX malware. The campaign, which initially targeted entities in specific regions, is expanding across the broader diplomatic community. The attack chain involves spear-phishing emails leading to malicious LNK files that exploit the vulnerability and execute obfuscated PowerShell commands. Researchers recommend organizations review and block command-and-control infrastructures and conduct security awareness training to mitigate such attacks.

11-01Read more →