Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

PassiveNeuron multi-region espionage campaign

Campaign
First reported
Last updated
Happening score
H score 38
1 unique sources, 1 articles

Summary

Hide ▲

PassiveNeuron is an active cyber espionage campaign targeting government, financial, and industrial organizations across Asia, Africa, and Latin America, with a fresh wave of infections seen from December 2024 through August 2025. The operation uses compromised internal servers as intermediate C2 infrastructure and has been tied to Neursite, NeuralExecutor, and Cobalt Strike. Its server-first tradecraft raises the risk of lateral movement and data exfiltration inside target networks.

Related Happenings

Webworm EchoCreep and GraphWorm backdoor expansion

Malware Activity
First: 20.05.2026 15:51 Last: 20.05.2026 15:51 Sources 1

About this happening: **Webworm** expanded its malware arsenal in **2025** with the custom backdoors **EchoCreep** and **GraphWorm**, increasing its ability to run stealthy **command-and-control** oper...

Open Happening

Webworm expanded European government and South Africa university espionage campaign

Campaign
First: 20.05.2026 14:30 Last: 20.05.2026 14:30 Sources 1

About this happening: Webworm expanded its **2025 espionage campaign** into **European government organizations** and a **university in South Africa**, widening the cross-region targeting risk. The ope...

Open Happening

FamousSparrow multi-wave intrusion campaign against Azerbaijani oil and gas company

Campaign
First: 13.05.2026 16:00 Last: 13.05.2026 16:00 Sources 1

About this happening: A **China-affiliated** actor tracked as **FamousSparrow (UAT-9244)** ran a **multi-wave intrusion** against an **unnamed Azerbaijani oil and gas company** from **late December 202...

Open Happening

FamousSparrow Azerbaijanian oil-and-gas targeting campaign

Campaign
First: 13.05.2026 16:00 Last: 13.05.2026 16:00 Sources 1

About this happening: The **China-linked FamousSparrow group** ran a **targeted cyberespionage campaign** against an **Azerbaijanian oil-and-gas company** in the **South Caucasus**, highlighting a new...

Open Happening

Warlock ransomware post-exploitation tooling upgrades

Malware Activity
First: 17.03.2026 17:36 Last: 17.03.2026 17:36 Sources 1

About this happening: The **Warlock ransomware group** has upgraded its post-exploitation toolset with **BYOVD**, **TightVNC**, and **Yuze**, making intrusions harder to detect and interrupt. In an obs...

Open Happening

Timeline

  1. 22.10.2025 11:58 2 articles · 7mo ago

    Kaspersky discloses PassiveNeuron espionage campaign

    Initial Disclosure

    Kaspersky disclosed PassiveNeuron as a new espionage campaign targeting government, financial, and industrial organizations in Asia, Africa, and Latin America, and said it had observed a fresh wave of infections from December 2024 through August 2025 alongside earlier June activity against government entities in Latin America and East Asia using Neursite and NeuralExecutor.

    Show sources
    Open in new tab