CASE STUDY

Disrupting Nation-State Recruiting and Disinformation Efforts on Job Site Platform

Dec 11, 2020 | Adversary Research, Case Study

The Challenge

A job recruiting platform approached Nisos to determine the severity and authenticity of an affiliate recruiting company that appeared to be involved with disinformation and foreign nation-state espionage efforts. The foreign nation-state was suspected of using sockpuppet accounts for targeted recruiting of individuals in sensitive US government positions.

Why Nisos

After receiving an allegation that the affiliate was using their platform to advance these efforts, the client asked Nisos to perform a digital investigation and use high operational security tradecraft to determine the extent of the operation and make recommendations on how to address the issue. Options included:

  • Removing the recruiting company from the platform,
  • Continuing to monitor, and/or
  • Informing law enforcement.

Preparation

Nisos was provided with minimal information consisting only of the name of the recruiting company. Nisos was not provided with any data regarding the details of the client’s organization or internal telemetry.

Execution

The affiliate company appeared to be a typical startup venture. However, upon further investigation, their obfuscation of ownership information and use of sophisticated persona operations strongly suggested the hand of a sophisticated threat actor. These persona operations included planting disinformation in media outlets, the use of sockpuppets, platform modifications to ensure an ongoing presence on social media outlets, and the direct targeting of US-based individuals in sensitive government positions.

Nisos identified several supposed employees of the recruiting company but was unable to link any of the employees to real individuals. This included searches across social media platforms and data aggregators. The majority of the employee personas were young females located in US locations. Nisos determined that these personas were a marketing strategy meant to increase traffic to the recruiting company’s website. Coupled with the sophistication of the executive’s profile and the disinformation that was being disseminated through high-profile news publications, we assessed that sophisticated threat actors were involved.

Outcome

The client used Nisos’ investigation results and the detailed analysis and reporting provided as the basis for additional investigations into the recruiting company. It was decided to report Nisos’ findings to law enforcement. Ultimately, the client determined the affiliate was in violation of their terms of service agreement and removed them from the platform to prevent any further abuse.

About Nisos

Nisos is the Managed Intelligence company. Our services enable security, intelligence, and trust and safety teams to leverage a world-class intelligence capability tailored to their needs. We fuse robust data collection with a deep understanding of the adversarial mindset, delivering smarter defense and more effective response against advanced cyber attacks, disinformation, and abuse of digital platforms.

For additional information, contact info@nisos.com
