Develop social network persona digital footprint
Both newly built personas and pre-compromised personas may require development of additional documentation to make them seem real. This could include filling out profile information, developing social networks, or incorporating photos. [1] [2] [3]
ID: T1342
Tactic: Persona Development
Version: 1.0
Examples
| Name | Description |
|---|---|
| APT17 | APT17 created biographical sections on TechNet profile pages to appear more legitimate.[4] |
| Cleaver | Cleaver's fake personas included profile photos, details, and network connections.[5] |
Detection
Detectable by Common Defenses (Yes/No/Partial): NoExplanation: Unless there is some threat intelligence reporting, these users are hard to differentiate.
Difficulty for the Adversary
Easy for the Adversary (Yes/No): YesExplanation: The only difference between an adversary conducting this technique and a typical user, is the adversary's intent - to target an individual for compromise.
References
- Mike Lennon. (2014, May 29). Iranian Hackers Targeted US Officials in Elaborate Social Media Attack Operation. Retrieved March 1, 2017.
- Thomas Ryan. (2010). “Getting In Bed with Robin Sage.”. Retrieved March 6, 2017.
- Joan Goodchild. (2010, July 8). The Robin Sage experiment: Fake profile fools security pros. Retrieved March 6, 2017.