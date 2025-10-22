Threat Intelligence

China-linked cyberespionage sets sights on prominent global orgs

High-profile industrial, finance, and government entities in Latin America, Asia, and Africa have had their Windows Servers targeted with several malicious implants as part of the China-linked PassiveNeuron cyberespionage campaign, which ran intermittently from June 2024 to August 2025, according to SecurityWeek.

Intrusions involved the exploitation of Windows server vulnerabilities, with threat actors targeting Microsoft SQL software to obtain initial remote code execution capabilities in one instance, a report from Kaspersky showed.

Attackers then mostly leveraged a chain of DLL loaders within the System32 directory to facilitate the delivery of the novel custom Neursite and NeuralExecutor payloads, as well as the Cobalt Strike framework.

Further analysis of the Neursite backdoor and NeuralExecutor loader showed that both retrieve their command-and-control server addresses from GitHub, a technique previously observed in operations by the Chinese state-backed groups APT27 and APT31, and turned up a PDB string linked to APT41, another China-nexus hacking group.
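A defender-side triage check for the System32 loader-chain technique described above, as an added example that is not from the article or from Kaspersky's report. It assumes it is run with administrator rights on the Windows Server under review, and the report path is a placeholder.

```powershell
# Added example (not the article's or Kaspersky's code): inventory DLLs in
# System32 whose Authenticode signature is missing or not chained to Microsoft,
# with recently written files listed first. Loader DLLs dropped next to
# legitimate system binaries are the kind of finding this surfaces.
# Assumptions: administrator rights on the host under review; $ReportPath is a
# placeholder. Catalog-signed Microsoft binaries report a Valid signature;
# legitimate third-party components (drivers, vendor agents) will also appear
# and should be baselined against a known-good server.

param(
    [string]$Directory = "$env:SystemRoot\System32",
    [int]$ModifiedWithinDays = 30,                                 # flag recent writes first
    [string]$ReportPath = "C:\triage\system32-dll-review.csv"     # placeholder path
)

$cutoff = (Get-Date).AddDays(-$ModifiedWithinDays)

$findings = Get-ChildItem -Path $Directory -Filter '*.dll' -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        [pscustomobject]@{
            Path             = $_.FullName
            LastWrite        = $_.LastWriteTime
            SigStatus        = $sig.Status
            Signer           = $signer
            MicrosoftSigned  = ($sig.Status -eq 'Valid' -and $signer -match 'O=Microsoft Corporation')
            RecentlyModified = ($_.LastWriteTime -gt $cutoff)
        }
    } |
    Where-Object { -not $_.MicrosoftSigned }

# Full list of non-Microsoft-signed DLLs, most recently modified first, for review
$findings |
    Sort-Object -Property RecentlyModified, LastWrite -Descending |
    Export-Csv -Path $ReportPath -NoTypeInformation

# Highest-priority rows on screen: non-Microsoft DLLs written within the window
$findings | Where-Object RecentlyModified |
    Format-Table Path, LastWrite, SigStatus, Signer -AutoSize
```

Diff the CSV against the same inventory from a known-clean server of the same build so that legitimately unsigned vendor components drop out and only unexplained additions remain.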
