The PROMETHIUM threat actor — active since 2012 — has been exposed multiple times over the past several years. However, this has not deterred the actor from continuing and expanding its activities. By matching indicators such as code similarity, command and control (C2) paths, toolkit structure and malicious behavior, a research team has identified around 30 new C2 domains. They assess that PROMETHIUM activity falls into five peaks when clustered by the month and year of the creation date.