Group description: NEODYMIUM
NEODYMIUM, Group G0055 | MITRE ATT&CK®
NEODYMIUM
NEODYMIUM is an activity group that conducted a campaign in May 2016 and has heavily targeted Turkish victims. The group has demonstrated similarity to another activity group called PROMETHIUM due to overlapping victim and campaign characteristics. [1] [2] NEODYMIUM is reportedly associated closely with BlackOasis operations, but evidence that the group names are aliases has not been identified. [3]
ID: G0055
Version: 1.0
Created: 16 January 2018
Last Modified: 25 April 2025
Software
ID: S0176
Name: Wingbird
References: [1] [2]
Techniques: Boot or Logon Autostart Execution: LSASS Driver, Create or Modify System Process: Windows Service, Exploitation for Privilege Escalation, Hijack Execution Flow: DLL, Indicator Removal: File Deletion, Process Injection, Software Discovery: Security Software Discovery, System Information Discovery, System Services: Service Execution
References
[1] Microsoft. (2016, December 14). Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe. Retrieved November 27, 2017.
[2] Anthe, C. et al. (2016, December 14). Microsoft Security Intelligence Report Volume 21. Retrieved November 27, 2017.
[3] Bing, C. (2017, October 16). Middle Eastern hacking group is using FinFisher malware to conduct international espionage. Retrieved February 15, 2018.