PhantomControl is a sophisticated threat actor that emerged in November 2023. They use phishing emails as their initial infection vector and employ a ScreenConnect client to establish a connection for their malicious activities. Their arsenal includes a VBS script that hides its true intentions; behind it is a complex mechanism involving PowerShell scripts and image-based data retrieval. PhantomControl has been associated with the Blind Eagle threat actors, showcasing their versatility and reach.
References
Actor metadata imported from Malpedia (Fraunhofer FKIE).