In 2017 a London-based photographer named Mia Ash used LinkedIn to contact multiple male employees of a Middle Eastern company. She stated this contact was part of an exercise to reach out to people around the world. Over the next few days, Mia and these individuals exchanged messages about their professions, photography, and travels. Mia encouraged these employees to add her as a friend on Facebook and continue their conversation there. Over time, trust was established, and Mia eventually convinced one of these employees to open a Microsoft Excel attachment on his work laptop. The attachment promptly launched a malicious macro and attempted to install malware.
Security researchers working with the Middle Eastern company assessed Mia Ash as a fake persona deployed by Advanced Persistent Threat (APT) actors known as COBALT GYPSY – a group associated with Iranian government-directed cyber operations. The Mia Ash online persona was unique in its sophistication; however, catfishing unsuspecting individuals to exploit their privileged access is not unique. This Tactic, Technique and Procedure (TTP) has been used by several APT actors since at least 2016.
In our talk, we will demonstrate how Open Source Intelligence (OSINT) tools and techniques can reconstruct the APT actor playbook for engineering and executing catfishing-facilitated attacks. We will analyse their methodologies and TTPs, and demonstrate how you can apply this knowledge to identify possible APT catfishing profiles operating within your social media environment.
Emerald is Head of OSINT Combine's Intelligence Services. Prior to joining the team, she spent over a decade working within the Australian Federal Government's security and intelligence community. Emerald has worked across a range of national security threats including counter-terrorism, counter-intelligence, cyber security and insider threats. Emerald has applied a diverse array of operational countermeasures to these threat programs, including OSINT capabilities. Throughout her career, Emerald has remained an OSINT enthusiast and advocate.