Menu
Browse

Cyber Threat Actor: Phantom Troupe

Actor Type Location Known Incidents
 Icon
Sensationalist
Philippines
1 incident
Profile

Thethreat actor known as Phantom Troupe has been publicly linked to activities in the Philippines. The alias Phantom Troupe is the only name associated with this group in open sources. No further details about its size, structure, or founding date are available. On April 1, 2019, Phantom Troupe was reported to have gained unauthorized access to third‑party servers that were hosting non‑classified personnel data for the training school of an elite Philippine military unit. The intrusion exposed registry information belonging to approximately 20,000 soldiers, although the data consisted of details already publicly available. Military investigators confirmed that the unit’s primary defense network, which operates as a closed system, remained secure and was not compromised. The breach was attributed to the external servers that were in the process of being migrated to the internal network. The reported tactics involved exploiting the migration window to reach the third‑party servers; no specific malware families, exploit kits, or custom tools were described in the public account. Consequently, the actor’s tooling style and preferred initial access vectors beyond this server compromise are not documented.

Attribution beyond the geographic association with the Philippines has not been established, and no state sponsorship or criminal‑consortium ties have been publicly confirmed. The April 2019 operation against the military training school remains the only publicly cited campaign linked to Phantom Troupe.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources