Expert profile: Simeon Kakpovi

Senior Threat Intelligence Analyst, Microsoft Threat Intelligence

To compromise email, credential phishing, social engineering, and sheer grit is all that’s required.

Simeon Kakpovi

Simeon Kakpovi initially wanted to be a doctor but soon realized that wasn’t his calling. “I switched my major a few times and ended up in information systems. I landed on cybersecurity because my mentors were in the field.”

As a sophomore at Howard University, he took additional cybersecurity classes at a local community university, ultimately leading him to the Lockheed Martin Cyber Analyst Challenge. “They mailed us a thumb drive with 80 gigabytes of data. What happened next is some of the most fun I’ve ever had.”

The challenge required participants to analyze a full cyberintrusion using packet capture and memory files. “Through that process, I realized the big picture of cybersecurity and thought, ‘I would love to do this for a living.’”

That led to an internship at Lockheed Martin and to him co-creating the cyberskilling game KC7. “A lot of cybersecurity classes are taught with acronyms and vague concepts because they don’t have access to actual data. That creates a circular problem because you can’t get the skills until you get the job, but you can’t get the jobs unless you have the skills.”

Today, Simeon leads Microsoft’s team of analysts tracking more than 30 Iranian groups. Though distinct in motivation and activity, Simeon notes all Iranian actors share a common trait: tenacity.

“We’ve consistently found that Iran is persistent and patient, willing to spend effort, time, and resources to compromise their targets. Iranian-linked actors offer a good reminder that you don’t have to use zero-day software exploits or novel offensive techniques to be successful. To compromise email, credential phishing, social engineering, and sheer grit is all that’s required.”

“Social engineering isn’t always as simple as it might appear. We’ve seen threat actors leverage the personal information people reveal about themselves on social media during social engineering campaigns.”

For example, Crimson Sandstorm uses fake social media profiles (honey pots) targeting individuals based on the jobs they listed on their LinkedIn profile. Then over a period of a few months, they attempt to establish romantic relationships, using intelligence gathered from public profiles to build trust and rapport, eventually sending BEC targets malicious files disguised as videos or surveys. However, because these relationships were developed over long periods of time, targets were more likely to ignore security alerts when they executed the files.

Simeon observes that Iranian threat actors are motivated by a wide range of reasons. “When tracking Mint Sandstorm and attacks on agencies working with governments, sometimes nuclear policy is the driver. With think tanks or academic institutions, publishing information critical of the Iranian government can raise the ire of a threat actor group. That suggests that they may know how the US or other Western countries will position themselves in terms of policy and target individuals with information that’s useful to their government.”
