Planetary Reef - Threat Group Cards: A Threat Actor
Encyclopedia
Archived: 2026-04-05 16:11:47 UTC
Home > List all groups > Planetary Reef
 Other threat group: Planetary Reef
Names Planetary Reef (PhishLabs)
Country Indonesia
Motivation Financial gain
First seen 2020
Description
(PhishLabs) PhishLabs is monitoring a threat actor group that has set up fraudulent hosting
companies with leased IP space from a legitimate reseller. They are using this infrastructure for
bulletproof hosting services as well as to carry out their own phishing attacks. The group,
which is based in Indonesia, has been dubbed Planetary Reef.
Planetary Reef is most notable in how they host phishing sites. While traditional methods of
distributing phishing attacks rely on compromised websites or increasingly, free domains,
Planetary Reef is leasing their IP space from a large reseller. Using space, the group has
created an array of seemingly legitimate hosting companies that they promote through social
media.
Observed
Tools used
Information
<https://info.phishlabs.com/blog/planetary-reef-cybercriminal-hosting-and-phishing-as-a-service-threat-actor>
Last change to this card: 05 January 2021
Download this actor card in PDF or JSON format
Source: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=17bfecf4-f046-4f3b-90c6-045eb4f6a436
https://apt.etda.or.th/cgi-bin/showcard.cgi?u=17bfecf4-f046-4f3b-90c6-045eb4f6a436
Page 1 of 1