Menu
Browse

Cyber Threat Actor: @cloakXkeyboard

Actor Type Location Known Incidents
 Icon
Criminal
United States of America
1 incident
Profile

Thethreat actor known by the alias @cloakXkeyboard operates from the United States of America and has been observed engaging in the illicit trade of stolen personal information. This actor’s public presence is limited to a single reported incident in which they offered for sale a large dataset obtained from an online healthcare professional directory service. The alias suggests a focus on concealment, though no further details about the actor’s infrastructure, affiliations, or broader operational scope are available in open sources.

On April 11, 2020, @cloakXkeyboard advertised the personal data of approximately 1.41 million United States doctors, which had been exfiltrated from a healthcare directory platform. The compromised records included full names, gender, hospital affiliations, practice addresses, telephone numbers, and medical license numbers, while email addresses and detailed medical records were not part of the leak. The sale of this dataset was reported on a hacker forum, highlighting the actor’s role as a supplier of sensitive personal information to other malicious parties. Security analysts noted that the breach exposed healthcare workers to heightened risk during the COVID‑19 pandemic, as the stolen contact details could be leveraged for unsolicited messaging, deceptive campaigns, or credential‑theft attempts.

Experts warned that the specificity of the stolen information—such as practice locations and license numbers—could enable follow‑on activities like targeted phishing, smishing, or the spread of misinformation aimed at medical professionals. Although the actor’s direct involvement in any subsequent attacks has not been documented, the availability of the data increased the potential for financially motivated abuse, including ransomware preludes or fraud schemes. The incident remains the sole publicly attributed operation linked to @cloakXkeyboard, providing a concrete example of how the monetization of healthcare data can create broader security challenges for a critical sector.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources