ETDA ThaiCERT
Report
Search
Home > List all groups > Terbium

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: Terbium

NamesTerbium (Microsoft)
Country[Unknown]
MotivationSabotage and destruction
First seen2012
Description(Microsoft) A few weeks ago, multiple organizations in the Middle East fell victim to targeted and destructive attacks that wiped data from computers, and in many cases rendering them unstable and unbootable. Destructive attacks like these have been observed repeatedly over the years and the Windows Defender and Windows Defender Advanced Threat Protection Threat Intelligence teams are working on protection, detection, and response to these threats.

Microsoft Threat Intelligence identified similarities between this recent attack and previous 2012 attacks against tens of thousands of computers belonging to organizations in the energy sector. Microsoft Threat Intelligence refers to the activity group behind these attacks as Terbium, following our internal practice of assigning rogue actors chemical element names.
ObservedCountries: Middle East.
Tools usedDepriz.
Information<https://www.microsoft.com/security/blog/2016/12/09/windows-10-protection-detection-and-response-against-recent-attacks/>

Last change to this card: 14 April 2020

Download this actor card in PDF or JSON format

Previous: TEMP.Veles
Next: Tonto Team, HartBeat, Karma Panda

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key