Develop social network persona digital footprint

Both newly built personas and pre-compromised personas may require development of additional documentation to make them seem real. This could include filling out profile information, developing social networks, or incorporating photos. [1] [2] [3]

ID: T1342

Tactic: Persona Development

Version: 1.0

Examples

NameDescription
APT17

APT17 created biographical sections on TechNet profile pages to appear more legitimate.[4]

Cleaver

Cleaver's fake personas included profile photos, details, and network connections.[5]

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Unless there is some threat intelligence reporting, these users are hard to differentiate.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: The only difference between an adversary conducting this technique and a typical user, is the adversary's intent - to target an individual for compromise.

References

  1. Mike Lennon. (2014, May 29). Iranian Hackers Targeted US Officials in Elaborate Social Media Attack Operation. Retrieved March 1, 2017.
  2. Thomas Ryan. (2010). “Getting In Bed with Robin Sage.”. Retrieved March 6, 2017.
  3. Joan Goodchild. (2010, July 8). The Robin Sage experiment: Fake profile fools security pros. Retrieved March 6, 2017.