Build social network persona

For attacks that incorporate social engineering, the use of an online persona is important. These personas may be fictitious or may impersonate real people. A persona may exist on a single site or across multiple sites (Facebook, LinkedIn, Twitter, Google+, etc.). [1] [2] [3]

ID: T1341

Tactic: Persona Development

Version: 1.0

Examples

Name | Description
APT17 | APT17 posted in forum threads and created profile pages in Microsoft TechNet. [4]
Cleaver | Cleaver created fake LinkedIn profiles. [5]

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Unless there is threat intelligence reporting on them, these users are hard to differentiate from legitimate users.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: The adversary performs the same activities as typical users, but with a specific intent in mind.

References

  1. Mike Lennon. (2014, May 29). Iranian Hackers Targeted US Officials in Elaborate Social Media Attack Operation. Retrieved March 1, 2017.
  2. Thomas Ryan. (2010). "Getting In Bed with Robin Sage." Retrieved March 6, 2017.
  3. Joan Goodchild. (2010, July 8). The Robin Sage experiment: Fake profile fools security pros. Retrieved March 6, 2017.