StrongPity, also known as Promethium, is a threat group that is assumed to have been active since at least 2012. Information about this actor was first publicly reported in October 2016 with details on attacks against users in Belgium and Italy. Later, in 2018, the attackers shifted their focus on another geographical region, compromising Turkish telecommunication companies to target hundreds of users in Turkey and Syria.
It is believed that the attacks attributed to StrongPity are government-sponsored and are used for population surveillance and intelligence exfiltration. More so, it is believed that these attacks are used as support for the geo-political conflicts in the region. The known preferred infection vector used by the StrongPity group is a watering hole technique, delivering malicious versions of legitimate installers to
certain targets.
Download