• Matrices
    Enterprise Mobile ICS
  • Tactics
    Enterprise Mobile ICS
  • Techniques
    Enterprise Mobile ICS
  • Defenses
    Data Sources
    Mitigations
    Enterprise Mobile ICS
    Assets
  • CTI
    Groups Software Campaigns
  • Resources
    Get Started Learn More about ATT&CK ATT&CKcon ATT&CK Data & Tools FAQ Engage with ATT&CK Version History Updates Legal & Branding
  • Benefactors
  • Blog  External site
ATT&CK v17 has been released! Check out the blog post for more information.
  1. Home
  2. Groups
  3. NEODYMIUM

NEODYMIUM

NEODYMIUM is an activity group that conducted a campaign in May 2016 and has heavily targeted Turkish victims. The group has demonstrated similarity to another activity group called PROMETHIUM due to overlapping victim and campaign characteristics. [1] [2] NEODYMIUM is reportedly associated closely with BlackOasis operations, but evidence that the group names are aliases has not been identified. [3]

ID: G0055
Version: 1.0
Created: 16 January 2018
Last Modified: 25 April 2025
Version Permalink
Live Version

Software

ID Name References Techniques
S0176 Wingbird [1][2] Boot or Logon Autostart Execution: LSASS Driver, Create or Modify System Process: Windows Service, Exploitation for Privilege Escalation, Hijack Execution Flow: DLL, Indicator Removal: File Deletion, Process Injection, Software Discovery: Security Software Discovery, System Information Discovery, System Services: Service Execution

References

  1. Microsoft. (2016, December 14). Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe. Retrieved November 27, 2017.
  2. Anthe, C. et al. (2016, December 14). Microsoft Security Intelligence Report Volume 21. Retrieved November 27, 2017.
  1. Bing, C. (2017, October 16). Middle Eastern hacking group is using FinFisher malware to conduct international espionage. Retrieved February 15, 2018.
×
Contact Us
Terms of Use
Privacy Policy
Website Changelog
© 2015 - 2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.