Skip to content


NEODYMIUM is an activity group that conducted a campaign in May 2016 and has heavily targeted Turkish victims. The group has demonstrated similarity to another activity group called PROMETHIUM due to overlapping victim and campaign characteristics. 1 2 NEODYMIUM is reportedly associated closely with BlackOasis operations, but evidence that the group names are aliases has not been identified. 3

Item Value
ID G0055
Associated Names
Version 1.0
Created 16 January 2018
Last Modified 25 March 2019
Navigation Layer View In ATT&CK® Navigator


ID Name References Techniques
S0176 Wingbird - LSASS Driver:Boot or Logon Autostart Execution Windows Service:Create or Modify System Process Exploitation for Privilege Escalation DLL Side-Loading:Hijack Execution Flow File Deletion:Indicator Removal on Host Process Injection Security Software Discovery:Software Discovery System Information Discovery Service Execution:System Services


Back to top