Develop social network persona digital footprint

Both newly built personas and pre-compromised personas may require development of additional documentation to make them seem real. This could include filling out profile information, developing social networks, or incorporating photos. [1] [2] [3]

ID: T1342
Sub-techniques:  No sub-techniques
Tactic: Persona Development
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018

Procedure Examples

Name Description

APT17 created biographical sections on TechNet profile pages to appear more legitimate.[4]


Cleaver fake personas included profile photos, details, and network connections.[5]


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Unless there is some threat intelligence reporting, these users are hard to differentiate.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: The only difference between an adversary conducting this technique and a typical user, is the adversary's intent - to target an individual for compromise.


  1. Mike Lennon. (2014, May 29). Iranian Hackers Targeted US Officials in Elaborate Social Media Attack Operation. Retrieved March 1, 2017.
  2. Thomas Ryan. (2010). “Getting In Bed with Robin Sage.”. Retrieved March 6, 2017.
  3. Joan Goodchild. (2010, July 8). The Robin Sage experiment: Fake profile fools security pros. Retrieved March 6, 2017.