ETDA ThaiCERT

Threat Group Cards: A Threat Actor Encyclopedia

APT group: Neodymium

Names: Neodymium (Microsoft)
Country: Turkey
Motivation: Information theft and espionage
First seen: 2016
Description: Neodymium is an activity group that conducted a campaign in May 2016 and has heavily targeted Turkish victims. The group has demonstrated similarity to another activity group called Promethium, StrongPity due to overlapping victim and campaign characteristics. Neodymium is reportedly associated closely with BlackOasis operations, but evidence that the group names are aliases has not been identified.

(Microsoft) Neodymium is an activity group that is known to use a backdoor malware detected by Microsoft as Wingbird. This backdoor’s characteristics closely match FinFisher, a government-grade commercial surveillance package. Data about Wingbird activity indicate that it is typically used to attack individual computers instead of networks.
Observed: Countries: Europe.
Tools used: Wingbird.
Information: <https://www.microsoft.com/security/blog/2016/12/14/twin-zero-day-attacks-promethium-and-neodymium-target-individuals-in-europe/>
MITRE ATT&CK: <https://attack.mitre.org/groups/G0055/>

Last change to this card: 22 April 2020


Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
