Persōna Theory: Infiltration and Deception of Emerging Threat Groups
Tammy Harper
NorthSec 2025 · Day 2 · Ville-Marie
Threat intelligence teams that want to infiltrate emerging ransomware and cybercrime groups need more than technical skill — they need operationally coherent digital personas built on a systematic framework of linguistics, OPSEC, OSINT, and social engineering. Tammy Harper of Flare draws on Carl Jung's original concept of the persona and applies it to the practice of infiltrating ransomware recruitment phases, where operators are actively seeking affiliates and their receptiveness to unknown contacts is at its peak. The talk includes live chat logs from successful infiltrations of named ransomware groups, practical guidance on timezone shifting and writing style adaptation, and case studies of both successful and failed approaches. ---
AI review
Flare threat intelligence analyst presents a systematic framework for constructing and deploying digital personas to infiltrate ransomware recruitment phases — including live chat logs from successful infiltrations of Sloglav and APT73/Bashy, OPSEC requirements for timezone shifting and transliteration, and analysis of threat landscape churn that determines persona viability.