Back in 2024, Kaspersky researchers gave a brief description of a complex cyberespionage campaign that we dubbed “PassiveNeuron”. This campaign involved compromising the servers of government organizations with previously unknown APT implants, named “Neursite” and “NeuralExecutor”.
However, since its discovery, the PassiveNeuron campaign has been shrouded in mystery. For instance, it remained unclear how the implants in question were deployed or what actor was behind them. After the researchers detected this campaign and prevented its spreading back in June 2024, they did not see any further malware deployments linked to PassiveNeuron for quite a long time, about six months. However, since December 2024, Kaspersky researchers have observed a new wave of infections related to PassiveNeuron, with the latest ones dating back to August 2025.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Chaos ransomware hits Optima Tax Relief, leaks 69GB of data
June 21, 2025
Cyberattacks on financial service providers are no longer isolated events. In recent years, tax preparation companies, accounting software vendors and data brokers have all found themselves in the crosshairs of increasingly aggressive ransomware gangs. These attacks don’t just disrupt operations but also expose deeply personal financial information that can fuel identity theft, fraud and long-term reputational ...
- Resurgence of the Prometei Botnet
June 20, 2025
In March 2025, Unit 42 researchers identified a wave of Prometei attacks. Prometei refers to both the botnet and the malware family used to operate it. This malware family, which includes both Linux and Windows variants, allows attackers to remotely control compromised systems for cryptocurrency mining (particularly Monero) and credential theft. This article focuses on the ...
- Canadian Centre for Cyber Security/FBI: People’s Republic of China cyber threat activity
June 20, 2025
The Canadian Centre for Cyber Security (Cyber Centre) and the United States’ Federal Bureau of Investigation (FBI) are warning Canadians of the threat posed by People’s Republic of China (PRC) state-sponsored cyber threat actor tracked in industry reporting as Salt Typhoon. The Cyber Centre previously joined our partners in warning that PRC cyber actors have compromised ...
- M&S cyber attack deepens as tech partner TCS denies blame
June 20, 2025
Tata Consultancy Services (TCS), the tech firm at the centre of speculation around the M&S cyber attack, has claimed that none of its systems or users were compromised in the incident. The statement, delivered at the company’s annual shareholder meeting, is the first public comment from the group since M&S was hit by a major cyber ...
- Cybercriminals breach Aflac as part of hacking spree against US insurance industry
June 20, 2025
Cybercriminals have breached insurance giant Aflac, potentially stealing Social Security numbers, insurance claims and health information, the company said Friday, the latest in a spree of hacks against the insurance industry. With billions of dollars in annual revenue and tens of millions of customers, Aflac is the biggest victim yet in the ongoing digital assault on ...
- Iranian missile strikes tech park housing Microsoft office in Israel’s Beer Sheva
June 20, 2025
First responders are searching buildings for people wounded after an Iranian missile struck close to a tech park in the Israeli city of Beer Sheva, according to Israel’s emergency services agency Magen David Adom (MDA). MDA said they found six people who were slightly injured as a result of the strike, as they continue to search ...