PROMETHIUM

Threat Actor Profile Updated 3 months ago
Promethium, also known as StrongPity, is a Turkish-speaking threat actor that has been active since at least 2012. Despite multiple public exposures over the years, the group has remained undeterred and has continued to expand its activities.

Promethium, together with another threat actor named Neodymium, has used zero-day exploits to execute code and download malicious payloads. Both groups have been linked to state-sponsored activity, and their primary motive is gathering information about specific individuals rather than monetary gain or economic espionage.

In May 2016, Promethium and Neodymium began targeted attack campaigns against certain individuals in Europe. They distributed links through instant messengers that led recipients to malicious documents; once opened, these documents invoked exploit code to launch the Truvasys malware on the victims' computers. Microsoft researchers described this behavior as "unusual" because the two groups launched attacks almost simultaneously in the same region, targeting individuals without any apparent common affiliation.

Windows Defender ATP and Office 365 ATP have implemented detection rules based on Indicators of Compromise (IOCs) and threat intelligence specific to Promethium and Neodymium. More detailed information about these threat actors is available in the Microsoft Security Intelligence Report, volume 21. Despite exposure and countermeasures, Promethium remains a dedicated and resilient threat actor that persistently pursues its agenda.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
NEODYMIUM | 1 | Neodymium, a threat actor identified by Microsoft and associated with BlackOasis' operations, is known for its unique behavior in the cybersecurity landscape. Unlike many other activity groups primarily focused on monetary gain or economic espionage, Neodymium, alongside another group known as Prome
Strongypity | 1 | None
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Exploit
Windows
Microsoft
Payload
Espionage
Manageengine
Associated Malware
ID | Type | Votes | Profile Description
Truvasys | Unspecified | 1 | Truvasys is a type of malware that has been circulating for several years. Malware, which stands for malicious software, is designed to damage or exploit computers and other devices. Truvasys typically infiltrates systems through suspicious downloads, emails, or websites and can steal personal infor
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the PROMETHIUM threat actor was read from the documents listed below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | 9 months ago | APT trends report Q3 2023
MITRE | a year ago | Middle Eastern hacking group is using FinFisher malware to conduct international espionage
MITRE | a year ago | Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe - Microsoft Security Blog
MITRE | a year ago | PROMETHIUM extends global reach with StrongPity3 APT
CERT-EU | a year ago | Solutions Review Celebrates 50 Vendors Served with Packed Summer ’23 Virtual Events Schedule