G0056 · 11 ATT&CK techniques · 0 correlated reports

PROMETHIUM

Aliases: StrongPity

PROMETHIUM is an activity group focused on espionage that has been active since at least 2012. The group has conducted operations globally with a heavy emphasis on Turkish targets. PROMETHIUM has demonstrated similarity to another activity group called NEODYMIUM due to overlapping victim and campaign characteristics.

Open interactive actor investigation

ATT&CK techniques

T1204.002
Malicious File T1587.002
Code Signing Certificates T1078.003
Local Accounts T1587.003
Digital Certificates T1547.001
Registry Run Keys / Startup Folder T1543.003
Windows Service T1036.005
Match Legitimate Name or Location T1036.004
Masquerade Task or Service T1553.002
Code Signing T1205.001
Port Knocking T1189
Drive-by Compromise

Correlated CTI and IR reports

Continue the investigation

Interactive ThreatMapper ThreatMapper documentation CTI Analyst Field Manual Israel Threat Actors CTI Anomaly Detection Atlas ITDR Handbook 1200km Medium research