Names | Neodymium (Microsoft) | |
Country | Turkey | |
Motivation | Information theft and espionage | |
First seen | 2016 | |
Description | Neodymium is an activity group that conducted a campaign in May 2016 and has heavily targeted Turkish victims. The group has demonstrated similarity to another activity group called Promethium, StrongPity due to overlapping victim and campaign characteristics. Neodymium is reportedly associated closely with BlackOasis operations, but evidence that the group names are aliases has not been identified. (Microsoft) Neodymium is an activity group that is known to use a backdoor malware detected by Microsoft as Wingbird. This backdoor’s characteristics closely match FinFisher, a government-grade commercial surveillance package. Data about Wingbird activity indicate that it is typically used to attack individual computers instead of networks. | |
Observed | Countries: Europe. | |
Tools used | Wingbird. | |
Information | <https://www.microsoft.com/security/blog/2016/12/14/twin-zero-day-attacks-promethium-and-neodymium-target-individuals-in-europe/> | |
MITRE ATT&CK | <https://attack.mitre.org/groups/G0055/> |
Last change to this card: 22 April 2020
Download this actor card in PDF or JSON format
Previous: NB65
Next: NetTraveler, APT 21, Hammer Panda
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |