Talent Need Not Apply: Tradecraft and Objectives of Job-themed APT Social Engineering
PwC Global Threat Intelligence
Prepared for Black Hat USA
August 2022
Introductions
Sveva Vittoria Scenarelli
Principal Analyst, PwC UK
Working at PwC for nearly 4 years, APAC-based APT focus
• Loves tracking campaign evolutions over time
• Regularly unmasking North Korea-based threat actors’ activities (VirusBulletin 2021, CONFidence 2021 and 2020)
@cyberoverdrive
Allison Wikoff
Director, PwC US
Global Threat Intelligence Lead for PwC Americas
• 20 years in cyber, IR, network defense, threat intelligence
• 7+ years research focus on Iran
• Lives for threat actor mistakes
@SaltyWikoff
The Great Resignation is showing no signs of slowing down
• “The Great Resignation” is not slowing down
• APTs are increasingly using job-themed lures
• Unveil threat actors’ initial access TTPs and motives
• Explain how to recognise social engineering attempts
PwC 2022 Global Workforce Hopes and Fears Survey https://www.pwc.com/workforcehopesandfears
Black Artemis
A prolific recruiter: Black Artemis
Aliases: HIDDEN COBRA, Lazarus Group
Related threat actors: Black Artemis / temp.Hermit, Andariel, Bluenoroff
Active since: 2007
Motivation: Sabotage, Espionage, Cyber crime
Targets: Aerospace, DIB, Manufacturing…
Dream job, delivered
• Social media: Recruiter personas
• Email phishing: Malicious attachments
• Messaging apps: “Recruiter” follow-up
• Domain spoofing: lm-careers[.]com, global-job[.]org, indeedus[.]org
Image source: https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_Operation_Interception.pdf
Domain …