PhantomControl

MISP

Type:
Unknown

Country:
Unknown

First seen:
Unknown

Details:

PhantomControl is a sophisticated threat actor that emerged in November 2023. They utilize phishing emails as their initial infection vector and employ a ScreenConnect client to establish a connection for their malicious activities. Their arsenal includes a VBS script that hides its true intentions and reveals a complex mechanism involving PowerShell scripts and image-based data retrieval. PhantomControl has been associated with the Blind Eagle threat actors, showcasing their versatility and reach.

References (3)

esentire.com - Phantomcontrol Returns With Ande Loader And Swaetrat
esentire.com - Operation Phantomcontrol
securityonline.info - Esentire Vs Phantom Unveiling The Cyber Spooks Dance Of Darkness

Metadata

ID:	563
Created:	13/01/2026 17:48
Updated:	08/03/2026 04:00