Skip to content

G0055 NEODYMIUM

NEODYMIUM is an activity group that conducted a campaign in May 2016 and has heavily targeted Turkish victims. The group has demonstrated similarity to another activity group called PROMETHIUM due to overlapping victim and campaign characteristics. 1 2 NEODYMIUM is reportedly associated closely with BlackOasis operations, but evidence that the group names are aliases has not been identified. 3

Item Value
ID G0055
Associated Names
Version 1.0
Created 16 January 2018
Last Modified 25 March 2019
Navigation Layer View In ATT&CK® Navigator

Software

ID Name References Techniques
S0176 Wingbird 12 LSASS Driver:Boot or Logon Autostart Execution Windows Service:Create or Modify System Process Exploitation for Privilege Escalation DLL Side-Loading:Hijack Execution Flow File Deletion:Indicator Removal Process Injection Security Software Discovery:Software Discovery System Information Discovery Service Execution:System Services

References

  1. Microsoft. (2016, December 14). Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe. Retrieved November 27, 2017. 

  2. Anthe, C. et al. (2016, December 14). Microsoft Security Intelligence Report Volume 21. Retrieved November 27, 2017. 

  3. Bing, C. (2017, October 16). Middle Eastern hacking group is using FinFisher malware to conduct international espionage. Retrieved February 15, 2018.