ItaDuke is an actor known since 2013. It used PDF exploits for dropping malware and Twitter accounts to store C2 server urls. On 2018, an actor named ...

Threat Actor Profile

ItaDuke

Real-Time Alerts

Actor Overview

Related Threat Reports

Premium
APT Campaign Analysis - Q4 2025Dec 2025
New Tactics Observed in WildDec 2025
Infrastructure Mapping ReportDec 2025
Stay Updated

Get alerts when new intel on ItaDuke is published.

Actor Details

Primary Name
ItaDuke
Known Aliases
DarkUniverse, SIG27
Data Source
Precursor Intelligence
Need API Access?

Integrate threat actor data into your SIEM or SOAR.

View Plans →