Promethium APT Description
The Promethium hacking group is an APT (Advanced Persistent Threat) that is best known for the spyware toolkit called StrongPity. Some malware analysts even refer to the Promethium group as StrongPity APT. The Promethium hacking group appears to target high-ranking politicians, military officials and political organizations mainly. Most of the Promethium APT's campaigns are concentrated in Syria and Turkey, but they also are known to have carried out campaigns against targets located in Italy and Belgium.
The Promethium hacking group has been on the radar of malware researchers since 2012, and throughout the years, they have introduced many updates to their projects. According to analysts, the Promethium APT has set up more than 30 brand-new C&C (Command & Control) servers recently, which greatly expands their infrastructure. The new C&C servers appear to be used in with the infamous StrongPity spyware toolkit, or namely StrongPity3 – the newest variant of the threat. Apart from updating its most popular toolkit and improving its infrastructure, the Promethium hacking group also has expanded its reach by targeting new regions. Security experts have noted that the Promethium APT has launched campaigns that go after targets located in Canada, India, Colombia and Vietnam. The Promethium hacking group appears to use bogus copies of popular applications as the infection vector in their latest project. The attackers have used fake copies of popular software such as VPNPro, Mozilla Firefox, 5kPlayer and DriverPack.
The Promethium APT has been active for over eight years and has made sure to remain relevant by applying regular updates to its hacking arsenal and improving the infrastructure it uses to carry out its attacks.