Home > List all groups > Planetary Reef

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Other threat group: Planetary Reef

NamesPlanetary Reef (PhishLabs)
CountryIndonesia Indonesia
MotivationFinancial gain
First seen2020
Description(PhishLabs) PhishLabs is monitoring a threat actor group that has set up fraudulent hosting companies with leased IP space from a legitimate reseller. They are using this infrastructure for bulletproof hosting services as well as to carry out their own phishing attacks. The group, which is based in Indonesia, has been dubbed Planetary Reef.

Planetary Reef is most notable in how they host phishing sites. While traditional methods of distributing phishing attacks rely on compromised websites or increasingly, free domains, Planetary Reef is leasing their IP space from a large reseller. Using space, the group has created an array of seemingly legitimate hosting companies that they promote through social media.
Tools used

Last change to this card: 04 January 2021

Download this actor card in PDF or JSON format

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
PGP Download PGP key