PassiveNeuron Cyberespionage Campaign Resurfaces with New Tactics

Cyber Security News by CyberSum.net

Published on October 21, 2025 at 09:00 PM

2 sources

The PassiveNeuron cyberespionage campaign has re-emerged after a six-month hiatus, targeting government, financial, and industrial organizations with sophisticated malware. The campaign primarily exploits Microsoft SQL servers to gain initial access, leveraging vulnerabilities or brute-forcing credentials. Attackers deploy ASPX web shells and adapt their techniques to evade detection, using custom malware like Neursite and NeuralExecutor. The campaign's persistence and targeted nature highlight the need for robust SQL injection defenses and comprehensive web shell detection.

Also Read

Famous Chollima Uses Fake Job Offers to Spread Malware

Cisco Talos has exposed a malware campaign by Famous Chollima, a threat group aligned with the Lazarus APT. The campaign uses fake job offers to infect developers with BeaverTail and OtterCookie malware, which now include keylogging and cryptocurrency wallet stealing capabilities. The infection chain begins with a trojanized Node.js project called Chessfi, leading to the execution of a combined malware payload. The campaign targets cryptocurrency browser extensions and evolves to blend espionage with financial crime, aligning with the focus on cryptocurrency theft to evade sanctions.

By Cyber Security News by CyberSum.netOctober 17, 2025 at 09:00 AM