![The art of information gathering. [Research Saturday]](https://images.musicrad.io/resizer/?image=aHR0cHM6Ly9tZWdhcGhvbmUuaW1naXgubmV0L3BvZGNhc3RzLzU4YWI3YWUwLWRlZjgtMTFlYS1iMzRjLWIzNWIyMDhiMDUzOS9pbWFnZS9kYWlseS1wb2RjYXN0LWNvdmVyLWFydC1jdy5wbmc_aXhsaWI9cmFpbHMtNC4zLjEmbWF4LXc9MzAwMCZtYXgtaD0zMDAwJmZpdD1jcm9wJmF1dG89Zm9ybWF0LGNvbXByZXNz&width=600&signature=Y09Mgt0BNxH8YtVOWDhXSvDqXvs=)
The art of information gathering. [Research Saturday]
Greg Lesnewich, senior threat researcher at Proofpoint, sits down to discuss "From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering." Since 2023, TA427 has directly solicited foreign policy experts for their opinions on nuclear disarmament, US-ROK policies, and sanction topics via benign conversation starting emails.
The research states "While our researchers have consistently observed TA427 rely on social engineering tactics and regularly rotating its email infrastructure, in December 2023 the threat actor began to abuse lax Domain-based Message Authentication, Reporting and Conformance (DMARC) policies to spoof various personas and, in February 2024, began incorporating web beacons for target profiling."
The research can be found here:
From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering
-
Heart UK