1. Home
  2. Groups
  3. NEODYMIUM

NEODYMIUM

NEODYMIUM is an activity group that conducted a campaign in May 2016 and has heavily targeted Turkish victims. The group has demonstrated similarity to another activity group called PROMETHIUM due to overlapping victim and campaign characteristics. [1] [2] NEODYMIUM is reportedly associated closely with BlackOasis operations, but evidence that the group names are aliases has not been identified. [3]

ID: G0055
Version: 1.0
Created: 16 January 2018
Last Modified: 25 March 2019

Software

ID Name References Techniques
S0176 Wingbird [1][2] 创建或修改系统进程: Windows Service, 劫持执行流: DLL Side-Loading, 启动或登录自动启动执行: LSASS Driver, 权限提升漏洞利用, 移除指标: File Deletion, 系统信息发现, 系统服务: Service Execution, 软件发现: Security Software Discovery, 进程注入

References

  1. Microsoft. (2016, December 14). Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe. Retrieved November 27, 2017.
  2. Anthe, C. et al. (2016, December 14). Microsoft Security Intelligence Report Volume 21. Retrieved November 27, 2017.
  1. Bing, C. (2017, October 16). Middle Eastern hacking group is using FinFisher malware to conduct international espionage. Retrieved February 15, 2018.