Neodymium

Description

Neodymium is an activity group that conducted a campaign in May 2016 and has heavily targeted Turkish victims. The group has demonstrated similarity to another activity group called Promethium, StrongPity due to overlapping victim and campaign characteristics. Neodymium is reportedly associated closely with BlackOasis operations, but evidence that the group names are aliases has not been identified.

(Microsoft) Neodymium is an activity group that is known to use a backdoor malware detected by Microsoft as Wingbird. This backdoor’s characteristics closely match FinFisher, a government-grade commercial surveillance package. Data about Wingbird activity indicate that it is typically used to attack individual computers instead of networks.

Names

Name	Name-Giver
Neodymium	Microsoft

Country

Turkey

Motivation

Information theft and espionage

First Seen

2016

Observed Countries

Europe

Tools

Wingbird

Information

https://www.microsoft.com/security/blog/2016/12/14/twin-zero-day-attacks-promethium-and-neodymium-target-individuals-in-europe/

Mitre Attack

https://attack.mitre.org/groups/G0055/

Other Information

Uuid

05fb2a9c-1ffb-4a2d-87fc-4103c9c62adf

Last Card Change

2020-04-22

Threat Intelligence Garden

Explorer

Neodymium

Neodymium

Description

Names

Country

Motivation

First Seen

Observed Countries

Tools

Information

Mitre Attack

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks