Unraveling the Mind Behind the APT - Analyzing the Role of Pretexting in CTI and Attribution

This talk from Black Hat explores the sophisticated phishing campaigns deployed by Advanced Persistent Threat (APT) groups, analyzing thousands of APT phishing emails connected to major security breaches. Dive into the evolution of cyber threats with a special focus on pretexting and persuasion tactics used by attackers, and learn how these strategies can be used for attribution. Discover how a local Large Language Model (LLM) was trained to extract pretext techniques and categorize emails using a custom classification framework, enhancing the ability to predict the authors of new phishing campaigns. Gain valuable insights into APT spear phishing email classification and attribution, understand the underestimated role of pretexting in threat intelligence, and examine successful case studies where these concepts helped attribute attacks. Presented by Sanne Maasakkers, Senior Analyst at Mandiant (Part of Google Cloud), this 37-minute presentation reveals how seemingly innocent offers like car purchases or wine tastings are weaponized by sophisticated threat actors.