As advanced persistent threats (APTs) have become pervasive, governments and organizations have spent billions of dollars over the years fighting them. Meanwhile, actors have created a new breed of threat – “Advanced Persistent Manipulators” (APMs), to borrow a term coined by scholar Clint Watts at the Alliance for Securing Democracy in the United States. APMs have learned from APTs’ successes and taken advantage of the developments in information technology with an aim of manipulating information and influencing decision making. This presentation will explore Advanced Persistent Manipulator threats through a comparative study with advanced persistent threats. This comparison will examine motives, goals, and tactics, techniques and procedures (TTPs) related to each. It will further review the unique characteristics of APMs and current regulatory environments that affect efforts to defend against disinformation. Lastly, this presentation will offer countermeasures that governments and private organizations may want to consider when developing plans for defense against APM threats in the current and evolving threat environment.

1. FROMADVANCED
PERSISTENTTHREATS
TO"ADVANCED
PERSISTENT
MANIPULATORS":
THEEVOLVINGCYBER
DEFENSEBATTLEFIELD
iDefense Threat Intelligence
Mei Nelson

2. AS ADVANCED PERSISTENT THREATS
CONTINUE THEIR WORK...
Copyright © 2019 Accenture. All rights reserved. 2
Source: US-CERT Source: FBI

3. Copyright © 2019 Accenture. All rights reserved. 3
A NEW BREED OF THREAT
EMERGES:

4. Copyright © 2019 Accenture. All rights reserved. 4
ADVANCED
PERSISTENT
MANIPULATORS
“An actor or combination
of actors perpetrating
an extended,
sophisticated, multi-
platform,multi-media
informationattack on a
specified target”
— CLINT WATTS, THE ALLIANCE FOR SECURING DEMOCRACY

5. ADVANCED PERSISTENT THREATS VS
ADVANCED PERSISTENT MANIPULATORS
Copyright © 2019 Accenture. All rights reserved. 5
APTs APMs
Main Characteristics Organized, resourceful,
well-funded, defined
objectives, conducting
network operations
Organized, resourceful, well-funded,
defined objectives, conducting
information operations across all social
media platforms
Goals Strategic advantage, profit Influence audiences, discredit
adversaries, enlist allies and agents, incite
fear and provoke conflict, distort reality
Methods Network intrusion,
vulnerability exploitation
Use inauthentic accounts, create
forgeries, stage real world provocations
Actors State-sponsored actors,
cybercriminals, corporate
espionage actors
Activists, extremist groups, state-
sponsored actors, political campaigns,
lobbyists, businesses, or celebrities

6. ADVANCED PERSISTENT
MANIPULATORS
BEYONDSOCIALMEDIACopyright © 2019 Accenture. All rights reserved.

7. WARFARE&
DECEPTION
兵者，詭道也。故能而示之不能，用而
示之不用，近而示之遠，遠而示之近。
All warfare is based on deception. Hence, when
we are able to attack, we must seem unable;
when using our forces, we must appear inactive;
when we are near, we must make the enemy
believe we are far away; when far away, we must
make him believe we are near.
7
Source: Amazon
Copyright © 2019 Accenture. All rights reserved.

8. INFORMATIONOPERATIONS
&DECEPTION
The Set Up: a novel of espionage
“I will force the enemy to take our strength for
weakness, and our weakness for strength, and
thus will turn his strength into weakness.”
- A fictional KGB officer in charge of
disinformation operations
8
Source: Abebooks.co.uk
Copyright © 2019 Accenture. All rights reserved.

9. Disinformation
Propaganda
Misinformation
9Copyright © 2019 Accenture. All rights reserved.
INFORMATION OPERATIONS
THREE TYPES & THREE DIMENSIONS

10. INFORMATION OPERATIONS
GOALS: THE “D” WORDS
10
DIVIDE DISCREDIT DISTRACT DENY
Copyright © 2019 Accenture. All rights reserved.

11. DISINFORMATION OPERATIONS
METHODS
11
“WHITE” METHOD
Broadcasting one’s
message openly
through state
media
“GRAY” METHOD
Placing information in
other sympathetic
media
“BLACK” METHOD
Using hackers,
trolls, and
honeypots
Copyright © 2019 Accenture. All rights reserved.

12. INFORMATION OPERATIONS
TARGET AUDIENCES
12
Targets of Non-state actors
• Own group members or
rival groups
• Law enforcement
• Politicians
• General public
Targets of State actors
• One’s own citizens
• Adversary country’s
politicians, military,
bureaucrats
• Various groups within
the adversary country
• Mass opinion
Copyright © 2019 Accenture. All rights reserved.

13. 13
• Flooding the media with multiple versions of a story to
confuse the audience
• Publicizing scandalous information to discredit a critic
or adversary
• Distracting world opinion from negative information,
by highlighting or even creating some other crisis or
scandal
• Using inauthentic social media profiles to inflame real-
world violence by publicizing rallies of rival groups
Copyright © 2019 Accenture. All rights reserved.
INFORMATION OPERATIONS
TACTICS

14. 14
CASE STUDY: #MACRONLEAKS (PART I)
• Disinformation campaign: rumors,
fake news, forged documents
• Offensive network intrusion:
computers of Macron’s campaign
staff
• Spreading stolen data using trolls
and bots
Source: Reuters
Copyright © 2019 Accenture. All rights reserved.

15. 15
CYBER-ENABLED INFORMATION OPERATIONS
Broadly
Any information operations taking place in
cyberspace, including in online media and
social media
Narrowly
Information operations leveraging offensive
cyber threat activity such as subverting
secure system
Copyright © 2019 Accenture. All rights reserved.

16. 16
CYBER-ENABLED INFORMATION OPERATIONS
Cyberthreat Activities
+
Disinformation Tradecraft
State-sponsored
Copyright © 2019 Accenture. All rights reserved.

17. 17
CYBER-ENABLED INFORMATION OPERATIONS
Hacktivism
Non-state actors for
ideological purposes
State-controlled
hacktivism using false
personas
Copyright © 2019 Accenture. All rights reserved.

18. CASE STUDY: #MACRONLEAKS (PART II)
1818
18
• Spear phishing campaign
• Hacktivist personas
• Social media bots
• Imagery board: 4chan
SNAKEMACKEREL (APT 28)
Copyright © 2019 Accenture. All rights reserved. Source: Fancy Bears’ Hack Team website

19. CASE STUDY: THE INTEGRITY INITIATIVE
19
Objective: Disinformation
& Counternarrative
• Perpetrator:
”Anonymous”
Likely state-controlled
hacktivist persona
• Six Leaks from Nov. 5th
2018
• Financial focus? – No,
but it can happen
Copyright © 2019 Accenture. All rights reserved.
Source: the CyberGuerrilla website

20. CASE STUDY: FANCY BEARS’ HACK TEAM
20
Source: Fancy Bears’ Hack Team website
Copyright © 2019 Accenture. All rights reserved.

21. 21
SKATE
Copyright © 2019 Accenture. All rights reserved.
CASE STUDY: ENDLESS MAYFLY & OPERATION
NEWSCASTER
1. Used typo-squatted domains to create
inauthentic websites
2. Promoted these domains on social
media platforms using inauthentic
personas
3. Hosted malicious mobile applications
4. Leveraged “ephemeral disinformation”
– Burn After Reading
21

22. 22
DEEPFAKE USED
AS
DISINFORMATION
Copyright © 2019 Accenture. All rights reserved.
Source: Scribd

23. WHEREISTHIS
HEADING?
23Copyright © 2019 Accenture. All rights reserved.

24. 24Copyright © 2019 Accenture. All rights reserved. Source: New York Times

25. 25
SUGGESTIONS
• Follow geopolitical events
• Set social media policies
• Filter inauthentic accounts
• Verify claims
• Investigate information sources
Copyright © 2019 Accenture. All rights reserved.

26. 26
https://www.accenture.com/_acnmedia/pdf-107/accenture-security-cyber.pdf
Copyright © 2019 Accenture. All rights reserved.

28. LEGAL NOTICE & DISCLAIMER
© 2019 Accenture.
Accenture Security
Accenture Security helps organizations build resilience from the inside out, so they can confidently focus
on innovation and growth. Leveraging its global network of cybersecurity labs, deep industry
understanding across client value chains and services that span the security lifecycle, Accenture
protects organizations’ valuable assets, end-to-end. With services that include strategy and risk
management, cyber defense, digital identity, application security and managed security, Accenture
enables businesses around the world to defend against known sophisticated threats, and the unknown.
Follow us @AccentureSecure on Twitter or visit us at www.accenture.com/security.
This document is produced by consultants at Accenture as general guidance. It is not intended to
provide specific advice on your circumstances. If you require advice or further details on any matters
referred to, please contact your Accenture representative.
The opinions, statements, and assessments in this report are solely those of the individual author(s) and
do not constitute legal advice, nor do they necessarily reflect the views of Accenture, its subsidiaries, or
affiliates.