A threat actor has been targeting organizations in Asia, Africa, and Latin America.

This campain has been dubbed “PassiveNeuron” and has ongoing for at least two years. Three implants used in the campaign over the past two years have been identified, those being Neursite (a custom C++ modular backdoor), NeuralExecutor (a custom .NET implant), and the Cobalt Strike framework. Recently, C&C server addresses from GitHub were being obtained by Neursite and NeuralExecutor samples. This campaign is unique in its primary targeting of server machines.

Read more:

https://www.securityweek.com/government-industrial-servers-targeted-in-china-linked-passiveneuron-campaign/