Analysis of FinFisher malware used by NEODYMIUM group

Microsoft

Mar 01, 2018

Office 365 Advanced Threat Protection (Office 365 ATP) blocked many notable zero-day exploits in 2017. In our analysis, one activity group stood out: NEODYMIUM. This threat actor is remarkable for two reasons:

Its access to sophisticated zero-day exploits for Microsoft and Adobe software
Its use of an advanced piece of government-grade surveillance spyware FinFisher, also known as FinSpy and detected by Microsoft security products as Wingbird

FinFisher is such a complex piece of malware that, like other researchers, we had to devise special methods to crack it.

Read the rest of the post

Updated Mar 01, 2018

Version 3.0

Louie Mayor

Microsoft

Joined August 30, 2017

View Profile

Microsoft Defender for Endpoint Blog

Microsoft Defender for Endpoint disrupts ransomware with industry-leading endpoint security, providing comprehensive protection across all platforms and devices.

Blog Post

Analysis of FinFisher malware used by NEODYMIUM group