APT / THREAT GROUP · 💰 FINANCIAL
cloak
Aliases: 1
Intelligence Profile
Cloak is a ransomware-as-a-service operation active since late 2022, primarily targeting small-to-medium enterprises in Europe — especially Germany — across manufacturing, healthcare, education, and government sectors, with expansion into North American and Asian targets by 2025.
Threat Analysis
Cloak is a threat actor of known sophistication and undetermined national origin, engaged in cyber operations with a primarily financial motivation.
Financially motivated threat actors like cloak prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.
Intelligence Reports Mentioning cloak
Massive AI investment scam network spans 15,500 domains
Malwarebytes Labs · May 7, 2026
Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign
The Hacker News · Mar 30, 2026
Privacy Platform Cloaked Raises $375M to Expand Enterprise Reach
SecurityWeek · Mar 19, 2026
How a Tax Search Leads to Kernel-Mode AV/EDR Kill
Huntress Blog · Mar 19, 2026
Quick Facts
Type: APT / Threat Group
Motivation: 💰 financial
Aliases: 1
Also Known As
cloak
DLS Infrastructure
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.