HOMETHREATSPROMETHIUM
APT / THREAT GROUP

PROMETHIUM

🇹🇷Turkey-attributed
1
campaigns
1
aliases
Last seen:Mar 17, 2026

Intelligence Profile

[PROMETHIUM](https://attack.mitre.org/groups/G0056) is an activity group focused on espionage that has been active since at least 2012. The group has conducted operations globally with a heavy emphasis on Turkish targets. [PROMETHIUM](https://attack.mitre.org/groups/G0056) has demonstrated similarity to another activity group called [NEODYMIUM](https://attack.mitre.org/groups/G0055) due to overlapping victim and campaign characteristics.(Citation: Microsoft NEODYMIUM Dec 2016)(Citation: Microsoft SIR Vol 21)(Citation: Talos Promethium June 2020)

Threat Analysis

PROMETHIUM is a known-sophistication threat actor attributed to Turkey, engaged in cyber operations with a primary motivation of unknown activity patterns.

Known Campaigns

PROMETHIUM — Active Operations March 2026

PROMETHIUM is a unknown-motivation threat actor attributed to TR. PROMETHIUM is an activity group that has been active as early as 2012. The group primarily uses Truvasys, a first-stage malware that has been in circulation for several years. Truvasys has been involved in several attack campaigns, where it has masqueraded as one of server common...

ACTIVEMEDIUM2026

External References

Quick Facts

TypeAPT / Threat Group
Origin🇹🇷 Turkey
Aliases1
SourceMalpedia

Also Known As

StrongPity

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.