APT / THREAT GROUP

CloudDuke

4 aliases
Last seen: Mar 17, 2026

Intelligence Profile

F-Secure describes CloudDuke as a malware toolset known to consist of, at least, a downloader, a loader and two backdoor variants. The CloudDuke downloader will download and execute additional malware from a preconfigured location. Interestingly, that location may be either a web address or a Microsoft OneDrive account. Both CloudDuke backdoor variants support simple backdoor functionality, similar to SeaDuke. While one variant will use a preconfigured C&C server over HTTP or HTTPS, the other variant will use a Microsoft OneDrive account to exchange commands and stolen data with its operators.

Threat Analysis

CloudDuke is a threat actor of undetermined national origin; its level of sophistication, activity patterns and primary motivation are not established by the available intelligence.

Quick Facts

Type: APT / Threat Group
Aliases: 4

Also Known As

MiniDionis, win.cloud_duke, CloudDuke, CloudLook

External Intelligence

Malpedia: win.cloud_duke

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.