NEODYMIUM

NEODYMIUM is an activity group that conducted a campaign in May 2016 and has heavily targeted Turkish victims. The group has demonstrated similarity to another activity group called PROMETHIUM due to overlapping victim and campaign characteristics. ^[1] ^[2] NEODYMIUM is reportedly associated closely with BlackOasis operations, but evidence that the group names are aliases has not been identified. ^[3]

ID: G0055

Aliases: NEODYMIUM

Version: 1.0

Alias Descriptions

Name	Description
NEODYMIUM	^[1] ^[2]

Software

ID	Name	Techniques
S0176	Wingbird	DLL Side-Loading, Exploitation for Privilege Escalation, File Deletion, LSASS Driver, New Service, Process Injection, Security Software Discovery, Service Execution, System Information Discovery

References

Microsoft. (2016, December 14). Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe. Retrieved November 27, 2017.
Anthe, C. et al. (2016, December 14). Microsoft Security Intelligence Report Volume 21. Retrieved November 27, 2017.

Bing, C. (2017, October 16). Middle Eastern hacking group is using FinFisher malware to conduct international espionage. Retrieved February 15, 2018.