PROMETHIUM is an activity group focused on espionage that has been active since at least 2012. The group has conducted operations globally with a heavy emphasis on Turkish targets. PROMETHIUM has demonstrated similarity to another activity group called NEODYMIUM due to overlapping victim and campaign characteristics.
Associated Group Descriptions
|Enterprise||T1547||.001||Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder|
|Enterprise||T1543||.003||Create or Modify System Process: Windows Service|
|Enterprise||T1587||.002||Develop Capabilities: Code Signing Certificates|
|.003||Develop Capabilities: Digital Certificates|
|Enterprise||T1036||.004||Masquerading: Masquerade Task or Service|
|.005||Masquerading: Match Legitimate Name or Location|
|Enterprise||T1553||.002||Subvert Trust Controls: Code Signing|
|Enterprise||T1205||.001||Traffic Signaling: Port Knocking|
|Enterprise||T1204||.002||User Execution: Malicious File||
PROMETHIUM has attempted to get users to execute compromised installation files for legitimate software including compression applications, security software, browsers, file recovery applications, and other tools and utilities.
|Enterprise||T1078||.003||Valid Accounts: Local Accounts|