PROMETHIUM
Also known as: StrongPity
Overview
PROMETHIUM is an activity group focused on espionage that has been active since at least 2012. The group has conducted operations globally with a heavy emphasis on Turkish targets. PROMETHIUM has demonstrated similarity to another activity group called NEODYMIUM due to overlapping victim and campaign characteristics.
TTPs — 11 techniques across 6 tactics
Resource Development
- T1587.002 Code Signing Certificates
- T1587.003 Digital Certificates
Initial Access
- T1189 Drive-by Compromise
Execution
- T1204.002 Malicious File
Persistence
- T1543.003 Windows Service
- T1547.001 Registry Run Keys / Startup Folder
Stealth
- T1036.004 Masquerade Task or Service
- T1036.005 Match Legitimate Resource Name or Location
- T1078.003 Local Accounts
- T1205.001 Port Knocking
Defense Impairment
- T1553.002 Code Signing
Tools & malware (2)
- Truvasys
- StrongPity
Reporting (3)
- StrongPity APT - Revealing Trojanized Tools, Working Hours and Infrastructure — Tudorica, R. et al
- PROMETHIUM extends global reach with StrongPity3 APT — Mercer, W. et al
- Microsoft Security Intelligence Report Volume 21 — Anthe, C. et al