PROMETHIUM is an activity group that has been active since at least 2012. The group conducted a campaign in May 2016 and has heavily targeted Turkish victims. PROMETHIUM has demonstrated similarity to another activity group called NEODYMIUM due to overlapping victim and campaign characteristics. [1] [2]

ID: G0056
Version: 1.0
Created: 16 January 2018
Last Modified: 25 March 2019


ID Name References Techniques
S0178 Truvasys


Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder, Masquerading: Masquerade Task or Service