PhishLabs is monitoring a threat actor group that has set up fraudulent hosting companies with leased IP space from a legitimate reseller. They are using this infrastructure for bulletproof hosting services as well as to carry out their own phishing attacks. The group, which is based in Indonesia, has been dubbed Planetary Reef.

Planetary Reef is most notable in how they host phishing sites. While traditional methods of distributing phishing attacks rely on compromised websites or, increasingly, free domains, Planetary Reef is leasing their IP space from a large reseller. Using this space, the group has created an array of seemingly legitimate hosting companies that they advertise via social media.

Planetary Reef’s infrastructure consists of a large number of domains registered through a variety of well-known registrars. Each domain has a substantial collection of subdomains that they use to point to different phishing sites hosted on their IP space. In order to quickly set up these phishing sites and effectively manage their inventory of domains, the group is using dynamic DNS services.

There are various behaviors that indicate Planetary Reef is acting as a bulletproof hosting provider. These types of hosts allow customers considerable leniency in the types of illicit material they upload and distribute, and are favored among malicious actors. They have sold hosting services to another actor targeting large social media platforms. They also have connections to known groups offering phishing-for-hire services. Additionally, we have observed threats using Planetary Reef’s infrastructure targeting various brands and properties in ways that suggest distinct actors pursuing their own ends.
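
The layout described above, with many subdomains under each registered domain all resolving into one block of leased IP space, is something a defender can look for in passive DNS data. The following is an added example, not code from PhishLabs or the original post; the netblock (an RFC 5737 documentation range), the threshold, the suffix subset, and every sample row are constructed assumptions. It treats `my.id` as a public suffix so that unrelated customers of that suffix are not merged into one domain.

```python
import ipaddress
from collections import defaultdict

# Assumptions (not from the article): netblock, threshold, suffix subset, sample rows.
WATCHED_NETBLOCKS = [ipaddress.ip_network("203.0.113.0/24")]  # RFC 5737 placeholder
MULTI_LABEL_SUFFIXES = {"my.id", "co.id", "web.id"}  # small subset of the Public Suffix List
MIN_SUBDOMAINS = 3  # distinct subdomains in watched space before a domain is flagged

# Constructed passive-DNS rows: (queried name, resolved address).
SAMPLE_ROWS = [
    ("login.brand-a.example-one.my.id", "203.0.113.10"),
    ("secure.brand-b.example-one.my.id", "203.0.113.11"),
    ("verify.example-one.my.id", "203.0.113.12"),
    ("update.example-one.my.id", "203.0.113.12"),
    ("www.example-two.my.id", "198.51.100.7"),
    ("shop.example-two.my.id", "203.0.113.40"),
    ("a.example-three.com", "203.0.113.50"),
    ("b.example-three.com", "203.0.113.51"),
    ("c.example-three.com", "203.0.113.52"),
    ("not-an-ip.example-three.com", "n/a"),
]


def registered_domain(name):
    """Return the registrable domain, honouring multi-label suffixes such as my.id."""
    labels = name.lower().rstrip(".").split(".")
    suffix_len = 2 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 1
    if len(labels) <= suffix_len:
        return None  # bare suffix, nothing registrable
    return ".".join(labels[-(suffix_len + 1):])


def in_watched_space(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # malformed address field in the feed
    return any(ip in net for net in WATCHED_NETBLOCKS)


def flag_subdomain_fanout(rows, threshold=MIN_SUBDOMAINS):
    """Return {registered domain: sorted subdomains in watched space} at or above threshold."""
    seen = defaultdict(set)
    for name, addr in rows:
        fqdn = name.lower().rstrip(".")
        domain = registered_domain(fqdn)
        if domain and fqdn != domain and in_watched_space(addr):
            seen[domain].add(fqdn)
    return {d: sorted(s) for d, s in seen.items() if len(s) >= threshold}
```
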

The most prominent hosts run by Planetary Reef are Planet Hosting and CNF-HOST.

Planet Hosting (Planet Host Live)

  • hxxps://planethostlive[.]com/
  • hxxps://planet[.]my[.]id
  • hxxps://s2planet[.]com/
  • hxxps://planethost[.]asia (inactive)

CNF-HOST

  • hxxps://cnfhosted[.]my[.]id/
Planetary Reef: Cybercriminal Hosting and Phishing-as-a-Service Threat Actor

Planet Host Live Website

CNF-HOST Website

Planetary Reef is using social media extensively to advertise their hosting services. Their most active presence is their private Facebook Group “Planet Hosting Indonesia Grup.”

Planet Hosting Indonesia Grup

In addition, many of the administrators behind Planetary Reef identify themselves on the homepage of each hosting company and have publicly available Facebook profiles.

Planet Hosting Admins

Planet Hosting Admin Facebook Profile

Planetary Reef remains a threat as long as the group is able to use legitimate resources to deploy attacks and lease space to bad actors. PhishLabs is actively removing phishing sites associated with Planetary Reef. Despite its clear involvement in malicious activity, the group currently remains online due to lack of action by upstream providers. PhishLabs continues to work with industry partners to track Planetary Reef and disrupt their activities.

*** This is a Security Bloggers Network syndicated blog from The PhishLabs Blog authored by Stacy Shelley. Read the original post at: https://data.phishlabs.com/weblog/planetary-reef-cybercriminal-hosting-and-phishing-as-a-service-threat-actor
