Back in 2024, Kaspersky researchers gave a brief description of a complex cyberespionage campaign that we dubbed “PassiveNeuron”. This campaign involved compromising the servers of government organizations with previously unknown APT implants, named “Neursite” and “NeuralExecutor”.
However, since its discovery, the PassiveNeuron campaign has been shrouded in mystery. For instance, it remained unclear how the implants in question were deployed or what actor was behind them. After the researchers detected this campaign and prevented its spreading back in June 2024, they did not see any further malware deployments linked to PassiveNeuron for quite a long time, about six months. However, since December 2024, Kaspersky researchers have observed a new wave of infections related to PassiveNeuron, with the latest ones dating back to August 2025.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Polish space agency says it’s investigating a cyberattack
March 4, 2025
Poland’s space agency (POLSA) says it is working to restore services following a cybersecurity incident. POLSA, the Polish government agency responsible for the country’s space activities, said in a post on X that it had “immediately disconnected” its network from the internet after detecting the cyberattack on Sunday. POLSA’s website remains offline at the time of ...
- Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal
March 3, 2025
The Trend Micro Managed XDR and Incident Response (IR) teams recently analyzed incidents where threat actors deploying Black Basta and Cactus ransomware used the same BackConnect malware to strengthen their foothold on compromised machines. The BackConnect malware is a tool that cybercriminals use to establish and maintain persistent control over compromised systems. Once infiltrated, it grants ...
- Havoc: SharePoint with Microsoft Graph API turns into FUD C2
March 3, 2025
Havoc is a powerful command-and-control (C2) framework. Like other well-known C2 frameworks, such as Cobalt Strike, Silver, and Winos4.0, Havoc has been used in threat campaigns to gain full control over the target. Additionally, It is open-source and available on GitHub, making it easier for threat actors to modify it to evade detection. FortiGuard Labs recently ...
- Uncovering .NET Malware Obfuscated by Encryption and Virtualization
March 3, 2025
This article examines obfuscation techniques used in popular malware families, and offers some insights into possible opportunities for automating unpacking of these malware samples. Palo Alto researchers will examine these behaviors in samples we have observed, showing how to extract their configuration parameters through unpacking each stage. Performing this same process through automation would allow a ...
- Mobile malware evolution in 2024
March 3, 2025
These statistics are based on detection alerts from Kaspersky products, collected from users who consented to provide statistical data to Kaspersky Security Network. The statistics for previous years may differ from earlier publications due to a data and methodology revision implemented in 2024. According to Kaspersky Security Network, in 2024: A total of 33.3 million attacks involving ...
- Philippines: 5.4M cyber attacks against government agencies deterred in 2024
March 1, 2025
The Department of Information and Communications Technology (DICT) was able to prevent over 5 million attempts to compromise the cybersecurity of several government agencies last year. “In 2024, the DICT automatically deterred approximately 5.4 million malicious attempts against 32 government agencies connected to our national security operations,” DICT Undersecretary for Cybersecurity Jeffrey Ian Dy said at ...