NEODYMIUM is an activity group that conducted a campaign in May 2016 and has heavily targeted Turkish victims. The group has demonstrated similarity to another activity group called PROMETHIUM due to overlapping victim and campaign characteristics. ^[1] ^[2] NEODYMIUM is reportedly associated closely with BlackOasis operations, but evidence that the group names are aliases has not been identified. ^[3]

ID: G0055

Version: 1.0

Created: 16 January 2018

Last Modified: 25 March 2019

Version Permalink

Live Version

Software

ID	Name	References	Techniques
S0176	Wingbird	^[1]^[2]	Boot or Logon Autostart Execution: LSASS Driver, Create or Modify System Process: Windows Service, Exploitation for Privilege Escalation, Hijack Execution Flow: DLL Side-Loading, Indicator Removal on Host: File Deletion, Process Injection, Software Discovery: Security Software Discovery, System Information Discovery, System Services: Service Execution

References

Bing, C. (2017, October 16). Middle Eastern hacking group is using FinFisher malware to conduct international espionage. Retrieved February 15, 2018.