RANSOMWARE OPERATION💰 FINANCIAL
phantom
1
aliases
Intelligence Profile
phantom — tracked by MISP Galaxy (ransomware).
Threat Analysis
phantom is a ransomware operation that deploys encryption-based extortion against organizations globally. This group maintains a data leak site (DLS) to pressure victims into paying ransom demands.
Financially motivated threat actors like phantom prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.
Intelligence Reports Mentioning phantom
'Phantom Squatting': An Emerging AI-Driven Supply Chain Threat
Dark Reading· Jul 1, 2026
Phantom Squatting Uses AI-Hallucinated Domains for Phishing and Malware
The Hacker News· Jul 1, 2026
Phantom Squatting: AI-Hallucinated Domains as a Software Supply Chain Vector
Palo Alto Unit 42· Jun 30, 2026
Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
The Hacker News· May 18, 2026
Fake call logs, real payments: How CallPhantom tricks Android users
ESET Research· May 7, 2026
Microsoft won’t patch PhantomRPC: Feature or bug?
Malwarebytes Labs· Apr 29, 2026
No Patch for New PhantomRPC Privilege Escalation Technique in Windows
SecurityWeek· Apr 28, 2026
PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks
The Hacker News· Apr 27, 2026
External References
Quick Facts
TypeRansomware Operation
Motivation💰 financial
Aliases1
Also Known As
phantom
Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.