Cloak surfaced on tracking systems only days ago, posting eight claimed victims within a 48-hour window between June 16 and June 18, 2026, with the sole sector-labeled claim falling in Business Services and the sole country-labeled claim pointing to Germany, consistent with the group's described historical focus on German-market targets. The rapid, compressed cluster of postings, several of which appear to be duplicate or redacted entries for the same targets, suggests either a coordinated data-drop or administrative testing of their leak infrastructure. Cloak is described as a ransomware-as-a-service operation that gains initial access through malvertising and compromised installer packages, then moves laterally using tools already present on victim networks before deploying its encryptor; the group is also noted to disable security tooling prior to encryption to reduce detection chances. All eight claims should be treated as unverified assertions by the group itself until independently confirmed.