Analysis of FinFisher malware used by NEODYMIUM group

Microsoft

Mar 02, 2018

Office 365 Advanced Threat Protection (Office 365 ATP) blocked many notable zero-day exploits in 2017. In our analysis, one activity group stood out: NEODYMIUM. This threat actor is remarkable for two reasons:

Its access to sophisticated zero-day exploits for Microsoft and Adobe software
Its use of an advanced piece of government-grade surveillance spyware FinFisher, also known as FinSpy and detected by Microsoft security products as Wingbird

FinFisher is such a complex piece of malware that, like other researchers, we had to devise special methods to crack it.

Read the rest of the post

Updated Mar 02, 2018

Version 3.0

Louie Mayor

Microsoft

Joined August 30, 2017

View Profile

Microsoft Defender for Endpoint Blog

When evaluating various solutions, your peers value hearing from people like you who’ve used the product. Review Defender for Endpoint by filling out a Gartner Peer Insights survey and receive a $25 USD gift card (for customers only). Microsoft Privacy Statement

Blog Post

Analysis of FinFisher malware used by NEODYMIUM group

Share