Threat Intelligence

China-linked cyberespionage sets sights on prominent global orgs

China Bans Cyber Attacks: Examining Internet Security with Chinese Flag and Binary Data Through a Magnifying Glass Concept

High-profile industrial, finance, and government entities in Latin America, Asia, and Africa have had their Windows Servers targeted with several illicit implants as part of the China-linked PassiveNeuron cyberespionage campaign, which has been on and off from June 2024 to August 2025, according to SecurityWeek.

Intrusions involved the exploitation of Windows server vulnerabilities, with threat actors targeting Microsoft SQL software to obtain initial remote code execution capabilities in one instance, a report from Kaspersky showed.

Attackers then mostly leveraged a chain of DLL loaders within the System32 directory to facilitate the delivery of the novel custom Neursite and NeuralExecutor payloads, as well as the Cobalt Strike framework.

Further analysis of the Neursite backdoor and NeuralExecutor loader revealed their acquisition of GitHub command-and-control server addresses, which was previously observed with Chinese state-backed threat operations APT27 and APT31, as well as a PDB string linked to APT41, another China-nexus hacking group.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds