Kaspersky GReAT experts break down a recent PassiveNeuron campaign that targets servers worldwide with custom Neursite and NeuralExecutor APT implants and Cobalt Strike.
Thanks for sharing this Kaspersky report on the PassiveNeuron campaign—looks like a fascinating (and concerning) deep dive into some sophisticated APT tactics. For anyone not familiar, it covers a cluster of activity involving custom implants, Cobalt Strike beacons, and some sneaky persistence methods targeting Windows systems. The attackers seem focused on espionage, with ties to what Kaspersky calls "passive" neuron-like behavior in their malware (hence the name).
Key takeaways from a quick skim:
The implants are designed for long-term access, using things like DLL side-loading and scheduled tasks for stealth.
Cobalt Strike is leveraged for C2, which isn't surprising but shows how versatile (and abused) that tool remains in the wild.
Targets appear to be in specific regions, possibly government or critical infra—classic APT MO.
If you're dealing with potential exposure or just want to harden against this, I'd recommend keeping an eye on endpoint detection rules for anomalous DLL loads and monitoring for Cobalt Strike indicators (like those default certs). Tools like Sysmon or EDR solutions can help spot this stuff early.
Anyone else read through it? Thoughts on how this compares to other recent APT campaigns, like those from TA505 or similar groups?
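One way to act on the "anomalous DLL loads" suggestion above, as an added example that is not from the Kaspersky report or the post: a heuristic over Sysmon Event ID 7 (Image loaded) records that flags an unsigned DLL loaded from the process's own directory outside the usual system and Program Files locations, the classic DLL side-loading shape. The field names follow Sysmon's JSON export (assumed), and the sample records are constructed, not real telemetry.

```python
"""Heuristic DLL side-loading detection over Sysmon Event ID 7 records.

Added example; field names mirror Sysmon's Image/ImageLoaded/Signed/
SignatureStatus (assumed). Sample records below are constructed.
"""
import json
from pathlib import PureWindowsPath

# Directories where legitimately loaded DLLs normally live (assumption; tune per fleet).
TRUSTED_DIRS = (
    r"c:\windows\system32",
    r"c:\windows\syswow64",
    r"c:\windows\winsxs",
    r"c:\program files",
    r"c:\program files (x86)",
)


def _under_trusted(path: str) -> bool:
    return any(path.lower().startswith(root) for root in TRUSTED_DIRS)


def is_suspicious_load(ev: dict) -> bool:
    """Flag an Event ID 7 record that looks like DLL side-loading.

    Rule: the DLL sits in the same directory as the loading process image,
    that directory is outside TRUSTED_DIRS, and the DLL is unsigned or its
    signature did not validate.
    """
    if ev.get("EventID") != 7:
        return False
    dll = PureWindowsPath(ev["ImageLoaded"])
    exe = PureWindowsPath(ev["Image"])
    same_dir = dll.parent == exe.parent          # PureWindowsPath compares case-insensitively
    outside = not _under_trusted(str(dll))
    unsigned = (ev.get("Signed", "false").lower() != "true"
                or ev.get("SignatureStatus", "") != "Valid")
    return same_dir and outside and unsigned


def scan(lines):
    """Return ImageLoaded paths of suspicious records from JSON lines."""
    events = [json.loads(line) for line in lines]
    return [ev["ImageLoaded"] for ev in events if is_suspicious_load(ev)]


# Constructed sample telemetry (not from any real incident).
SAMPLE = [
    json.dumps({"EventID": 7, "Image": r"C:\Windows\System32\svchost.exe",
                "ImageLoaded": r"C:\Windows\System32\version.dll",
                "Signed": "true", "SignatureStatus": "Valid"}),
    json.dumps({"EventID": 7, "Image": r"C:\Users\Public\updater.exe",
                "ImageLoaded": r"C:\Users\Public\version.dll",
                "Signed": "false", "SignatureStatus": "Unavailable"}),
    json.dumps({"EventID": 7, "Image": r"C:\Users\Public\updater.exe",
                "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
                "Signed": "true", "SignatureStatus": "Valid"}),
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print("suspicious DLL load:", hit)
```

The rule is deliberately narrow; a signed-but-renamed legitimate loader next to a malicious DLL is still caught because the check is on the DLL's signature, not the process's.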