Git-Mirrors/DISARMframeworks
1
0
Fork 0
mirror of https://github.com/DISARMFoundation/DISARMframeworks.git synced 2024-10-01 01:45:36 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity
2c4757b429
DISARMframeworks/generated_pages/techniques/T0097.107.md

2.3 KiB
Raw Blame History

Technique T0097.107: Researcher Persona

  • Summary: A person with a researcher persona presents themselves as conducting research (e.g. for academic institutions, or think tanks), or having previously conducted research.

    While presenting as a researcher is not an indication of inauthentic behaviour,  an influence operation may have its narratives amplified by people presenting as researchers. Threat actors can fabricate researchers (T0143.002: Fabricated Persona, T0097.107: Researcher Persona) to add credibility to their narratives.

    People who are legitimate researchers (T0143.001: Authentic Persona, T0097.107: Researcher Persona) can use their persona for malicious purposes, or be exploited by threat actors. For example, someone could take money for using their position as a Researcher to provide legitimacy to a false narrative or be tricked into doing so without their knowledge.

    Associated Techniques and Sub-techniques
    T0097.204: Think Tank Persona: People with a researcher persona may present as being part of a think tank.
    T0097.108: Expert Persona: People who present as researching a given topic are likely to also present as having expertise in the area.

  • Belongs to tactic stage: TA16

Incident Descriptions given for this incident
I00069 Uncharmed: Untangling Iran's APT42 Operations “In March 2023, [Iranian state-sponsored cyber espionage actor] APT42 sent a spear-phishing email with a fake Google Meet invitation, allegedly sent on behalf of Mona Louri, a likely fake persona leveraged by APT42, claiming to be a human rights activist and researcher. Upon entry, the user was presented with a fake Google Meet page and asked to enter their credentials, which were subsequently sent to the attackers.”

In this example APT42, an Iranian state-sponsored cyber espionage actor, created an account which presented as a human rights activist (T0097.103: Activist Persona) and researcher (T0097.107: Researcher Persona). The analysts assert that it was likely the persona was fabricated (T0143.002: Fabricated Persona)
Counters Response types

DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW