Back in 2024, Kaspersky researchers gave a brief description of a complex cyberespionage campaign that we dubbed “PassiveNeuron”. This campaign involved compromising the servers of government organizations with previously unknown APT implants, named “Neursite” and “NeuralExecutor”.
However, since its discovery, the PassiveNeuron campaign has been shrouded in mystery. For instance, it remained unclear how the implants in question were deployed or what actor was behind them. After the researchers detected this campaign and prevented its spreading back in June 2024, they did not see any further malware deployments linked to PassiveNeuron for quite a long time, about six months. However, since December 2024, Kaspersky researchers have observed a new wave of infections related to PassiveNeuron, with the latest ones dating back to August 2025.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Cyber crime a big threat to Nigeria’s oil, gas sector
May 14, 2025
Nigeria’s strategic oil and gas industry has been urged to beef up its cyber security and avoid massive potential cost to the economy if current measures fail. According to Check Point’s African Perspectives on Cyber Security Report 2024, Nigeria continues to face one of the highest frequencies of cyber attacks in Africa, with organisations being attacked ...
- France: Daughter of crypto boss escapes Paris kidnap attempt in latest in series of attacks
May 14, 2025
Passers-by helped to foil the attempted kidnapping by armed assailants of the daughter and grandson of a French cryptocurrency boss in Paris, in a brazen daytime attack that was caught on camera. The incident prompted Paymium, the Crypto firm owned by the father of the woman targeted, to demand “protections” for companies in France’s cryptocurrency sphere. ...
- DarkCloud Stealer: Comprehensive Analysis of a New Attack Chain That Employs AutoIt
May 14, 2025
In January 2025, Unit 42 researchers identified a series of attacks distributing DarkCloud Stealer. The latest attack chain incorporated AutoIt to evade detection and used a file-sharing server to host the malware. This article explores the chain of events from these recent campaigns and analyzes the characteristics of these attacks. DarkCloud employs multi-stage payloads and obfuscated ...
- M&S warns shoppers are at risk from scammers after cyber attack
May 14, 2025
Marks & Spencer has warned shoppers to be on the lookout for scam calls and emails after hackers stole customer data from its systems. The retailer is this week writing to customers to alert them that personal data have been taken by cyber criminals, including partial credit card details, contact information, dates of birth and order ...
- Earth Ammit Disrupts Drone Supply Chains Through Coordinated Multi-Wave Attacks in Taiwan
May 13, 2025
In July 2024, Trend Micro disclosed the TIDRONE campaign, in which threat actors targeted Taiwan’s military and satellite industries. During their investigation, Trend Micro researchers discovered that multiple compromised entities were using the same enterprise resource planning (ERP) software. This led the researchers to engage with the ERP vendor, through which they uncovered additional details that ...
- Horabot Unleashed: A Stealthy Phishing Threat
May 12, 2025
In April, FortiGuard Labs observed a threat actor using phishing emails with malicious HTML files to spread Horabot, malware that primarily targets Spanish-speaking users. It is known for using crafted emails that impersonate invoices or financial documents to trick victims into opening malicious attachments and can steal email credentials, harvest contact lists, and install banking ...