PassiveNeuron APT Campaign Targeting Government, Financial, and Industrial Sectors
Summary
A new cyber espionage campaign, dubbed PassiveNeuron, targets government, financial, and industrial organizations in Asia, Africa, and Latin America. The campaign uses Neursite and NeuralExecutor malware to infiltrate servers and exfiltrate data from them. The threat actors use compromised internal servers as intermediate command-and-control (C2) infrastructure to evade detection. The campaign was first flagged in November 2024 and has continued through August 2025. Initial access is gained through Microsoft SQL, followed by the deployment of various implants, including Neursite, NeuralExecutor, and Cobalt Strike. The malware supports various communication protocols and includes plugins for additional capabilities.
Timeline
- 22.10.2025 11:58 (1 article)
  PassiveNeuron campaign targets government, financial, and industrial sectors
  The PassiveNeuron campaign, first flagged in November 2024, has continued through August 2025, targeting government, financial, and industrial organizations in Asia, Africa, and Latin America. The campaign uses Neursite and NeuralExecutor malware to infiltrate servers and exfiltrate data from them. Initial access is gained through Microsoft SQL, followed by the deployment of various implants, including Neursite, NeuralExecutor, and Cobalt Strike.
  - Researchers Identify PassiveNeuron APT Using Neursite and NeuralExecutor Malware — thehackernews.com — 22.10.2025 11:58
Information Snippets
- PassiveNeuron targets government, financial, and industrial sectors in Asia, Africa, and Latin America.
  First reported: 22.10.2025 11:58 (1 source, 1 article)
  - Researchers Identify PassiveNeuron APT Using Neursite and NeuralExecutor Malware — thehackernews.com — 22.10.2025 11:58
- The campaign uses Neursite and NeuralExecutor malware for infiltration and data exfiltration.
  First reported: 22.10.2025 11:58 (1 source, 1 article)
  - Researchers Identify PassiveNeuron APT Using Neursite and NeuralExecutor Malware — thehackernews.com — 22.10.2025 11:58
- Threat actors leverage compromised internal servers as an intermediate C2 infrastructure.
  First reported: 22.10.2025 11:58 (1 source, 1 article)
  - Researchers Identify PassiveNeuron APT Using Neursite and NeuralExecutor Malware — thehackernews.com — 22.10.2025 11:58
- The campaign was first observed in November 2024 and continued through August 2025.
  First reported: 22.10.2025 11:58 (1 source, 1 article)
  - Researchers Identify PassiveNeuron APT Using Neursite and NeuralExecutor Malware — thehackernews.com — 22.10.2025 11:58
- Initial access is gained through Microsoft SQL, possibly via brute-forcing or SQL injection.
  First reported: 22.10.2025 11:58 (1 source, 1 article)
  - Researchers Identify PassiveNeuron APT Using Neursite and NeuralExecutor Malware — thehackernews.com — 22.10.2025 11:58
- Neursite is a modular backdoor that supports TCP, SSL, HTTP, and HTTPS protocols.
  First reported: 22.10.2025 11:58 (1 source, 1 article)
  - Researchers Identify PassiveNeuron APT Using Neursite and NeuralExecutor Malware — thehackernews.com — 22.10.2025 11:58
- NeuralExecutor retrieves C2 server addresses from a GitHub repository, using a dead drop resolver technique.
  First reported: 22.10.2025 11:58 (1 source, 1 article)
  - Researchers Identify PassiveNeuron APT Using Neursite and NeuralExecutor Malware — thehackernews.com — 22.10.2025 11:58