Incidents attributed to:

ItaDuke

ItaDuke is an actor known since 2013. It used PDF exploits for dropping malware and Twitter accounts to store C2 server urls.

ItaDuke is an actor known since 2013. It used PDF exploits for dropping malware and Twitter accounts to store C2 server urls. On 2018, an actor named DarkUniverse, which was active between 2009 to 2017, was attributed to this ItaDuke by Kaspersky.

Also known as

DarkUniverse, SIG27.

References

securelist.com
fireeye.com
securelist.com

Actor metadata imported from Malpedia (Fraunhofer FKIE).