JUST RELEASED: ATT&CK for Industrial Control Systems

NEODYMIUM

NEODYMIUM is an activity group that conducted a campaign in May 2016 and has heavily targeted Turkish victims. The group has demonstrated similarity to another activity group called PROMETHIUM due to overlapping victim and campaign characteristics. [1] [2] NEODYMIUM is reportedly associated closely with BlackOasis operations, but evidence that the group names are aliases has not been identified. [3]

ID: G0055
Version: 1.0
Created: 16 January 2018
Last Modified: 25 March 2019

Software

ID Name References Techniques
S0176 Wingbird [1] [2] DLL Side-Loading, Exploitation for Privilege Escalation, File Deletion, LSASS Driver, New Service, Process Injection, Security Software Discovery, Service Execution, System Information Discovery

References