Why Nisos
After receiving an allegation that the affiliate was using their platform to advance these efforts, the client asked Nisos to perform a digital investigation and use high operational security tradecraft to determine the extent of the operation and make recommendations on how to address the issue. Options included:
Execution
The affiliate company appeared to be a typical startup venture. However, upon further investigation, their obfuscation of ownership information and use of sophisticated persona operations strongly suggested the hand of a sophisticated threat actor. Sophisticated persona operations included planting disinformation in media outlets, the use of sock puppets, platform modifications to ensure an ongoing presence on social media outlets, and the direct targeting of US-based individuals in sensitive government positions.
Nisos identified several supposed employees of the recruiting company but was unable to link any of the employees to real individuals. This included searches across social media platforms and data aggregators. The majority of the employee personas were young females located in US locations. Nisos determined that these personas were a marketing strategy meant to increase traffic to the recruiting company’s website. Coupled with the sophistication of the executive’s profile and the disinformation that was being disseminated through high-profile news publications, we assessed sophisticated threat actors’ involvement.
Outcome
The client used Nisos’ investigation results and the detailed analysis and reporting provided as the basis for additional investigations into the recruiting company. It was decided to report Nisos’ findings to law enforcement. Ultimately, the client determined the affiliate was in violation of their terms of service agreement and removed them from the platform to prevent any further abuse.