Menu
Browse

Cyber Threat Actor: Phishermen

Actor Type Location Known Incidents
 Icon
Sensationalist
United States of America
1 incident
Profile

Phishermen is a threat actor known by that alias and has been associated with activity originating from the United States of America. The group came to public attention in mid‑2019 when it released a collection of allegedly phished credentials from a gaming chat platform. No further public identifiers or organizational ties have been disclosed for Phishermen in the available sources.

In July 2019 Phishermen published approximately 2,500 username and password pairs that it claimed were obtained through a phishing site that abused the platform’s application programming interface. The actors stated that the method was simple and used the release to criticize the target’s security practices, noting that many of the email addresses corresponded to active accounts. The disclosed dataset contained both valid and invalid entries, and the affected company did not issue an immediate public statement regarding the incident.

The observed tactics, techniques, and procedures of Phishermen center on credential harvesting via deceptive web pages that exploit legitimate API functions, with no mention of malware deployment or custom tooling. Their approach relies on social engineering to lure users into entering login details on a fraudulent site that mimics the service’s authentication flow. This focus on API‑abusing phishing represents the primary initial access vector described in the reporting.

The 2019 Discord credential leak remains the only publicly reported operation attributed to Phishermen, and it highlights the group’s emphasis on exposing authentication weaknesses rather than pursuing financial gain or espionage. No additional campaigns, affiliations, or broader operational patterns have been documented in the sources provided. Consequently, the profile is limited to the confirmed facts surrounding this single incident.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources