Neon

Threat Actor Profile Updated 3 months ago
Neon is a threat actor that has significantly impacted the global chip supply chain. In April, we highlighted the disruption caused by Neon in the context of the ongoing global chip supply chain crisis, notably the halving of chip output since Russia's attack on Ukraine and the growing threat of fake chips to national security and critical systems. The actions of this threat actor have also shifted design concerns towards component sourcing, as component shortages have raised concern about long-term sourcing, even for prototypes.

The malware associated with Neon has been found to search for data files tied to 17 different types of wallets, including Atomic, Guarda, SimplEOS, and NEON. This malware specifically targets wallet data, OpenVPN, and remote desktop protocol credentials, posing a significant threat to cybersecurity. Furthermore, Neon uses a complex input parameter, "data", for the KSA routine; this parameter is the XOR result of two 16-byte keys, adding to its technical sophistication and potential damage capabilities.

The threat actor Neon has not only disrupted the global chip supply chain but also demonstrated the potential for significant cyber threats. As part of the cybersecurity industry, it is crucial to stay updated on the evolving tactics and strategies of such threat actors. The naming conventions for these groups may vary, but their intent remains consistent: executing actions with malicious intent. Understanding and combating these threats is essential for maintaining global cybersecurity.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Chrome
Cybercrime
Linux
Spam
Firefox
Windows
Debian
Decoy
Shellcode
Scam
Credentials
Malware
Chromium
Encrypt
Azure
Atom
Github
Signal
Associated Malware
ID | Type | Votes | Profile Description
Spark | Unspecified | 1 | Spark is a type of malware, a harmful program designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage f
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Neon Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU
4 months ago
Arm unveils its first Neoverse chip designs for self-driving cars, seeking to diversify from smartphones; the first vehicles could arrive in four to five years
DARKReading
5 months ago
Creating Security Through Randomness
CERT-EU
7 months ago
2023 Year-end Review: Geopolitical Risk and Technology
Securityaffairs
7 months ago
New Version of Meduza Stealer Released in Dark Web
BankInfoSecurity
8 months ago
Info Stealers Thrive in Hot Market for Stolen Data
CERT-EU
9 months ago
9 Scam Phone Area Codes People In NY Should Never Answer | #lovescams | #datingapps | #datingscams | #love | #relationships | #scams | #pof | #match.com | #dating
CERT-EU
a year ago
Let me take you down... to Liverpool for Eurovision
CERT-EU
a year ago
Enter the World of Seinen Anime
CERT-EU
a year ago
A history of metaphors for the internet
CERT-EU
a year ago
Gallagher Security's Success by Design: What does it take to achieve 400% revenue growth in five years?
CERT-EU
a year ago
Links 21/03/2023: JDK 20 and GNOME 43.5
CERT-EU
a year ago
The only hack for hotel discounts that still works right now | Travel | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker - National Cyber Security
CERT-EU
a year ago
In the Alleys of Black Hat and DEF CON 2023: The Quiet API Security Crisis
MITRE
a year ago
BendyBear: Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech
CERT-EU
a year ago
Gemini Links 05/08/2023: The Guppy Protocol and Generating Calendar Events From E-mails
CERT-EU
a year ago
IRC Proceedings: Saturday, August 05, 2023
CERT-EU
a year ago
Search | arXiv e-print repository
CERT-EU
a year ago
Launch Edition for Xbox Series X | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU
a year ago
The Best Anime of the '90s