Dragonforce

Malware updated 25 days ago (2024-08-14T09:51:52.652Z)
DragonForce is a notorious malware and ransomware group that has made its presence felt across the globe. The group first gained attention in 2022, when it launched cyberattacks on over 70 government and commercial organizations in India, following offensive remarks against Prophet Muhammad by Nupur Sharma, a spokesperson of the Bharatiya Janata Party (BJP) of the Indian Government. DragonForce Malaysia, despite maintaining anonymity, boldly asserts its presence across various social platforms. It was also implicated in a wave of hacktivist activities led by pro-Russian groups like LulzSec, noname057(16), Cyber Army Russia Reborn, Cyber Dragon, and Dragonforce, targeting the Olympic games in response to Russia and Belarus's exclusion.

The threat actors behind DragonForce are experienced in their tactics, negotiation style, and data leak operations, as evidenced by their sophisticated attacks and the existence of a dedicated data leak site. A notable incident involved an attack on Ohio Lottery customers and employees, with allegedly stolen files appearing on the DragonForce data leak site. However, the state lottery did not link the incident to any known threat actors or hacking groups, even though DragonForce claimed responsibility for the attack.

In 2023, DragonForce Malaysia announced plans to create a ransomware operation, but cybersecurity researchers have found little evidence to attribute the ransomware attacks directly to this Malaysian group. The group has been active in voicing opposition to conflicts such as Israel's war on Hamas, targeting several Israeli organizations. Nevertheless, cybersecurity company Tripwire cautions that the similar names among these groups might not necessarily indicate a connection, suggesting that the name "DragonForce" could be intentionally chosen by the ransomware gang to mislead investigators.
Description last updated: 2024-08-14T09:08:17.556Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID: Lockbit Black
Votes: 2
Profile Description: LockBit Black, also known as LockBit 3.0, is a sophisticated malware variant that emerged in early 2022. This malicious software encrypts files and disrupts operations on infected devices, often demanding a ransom for the restoration of data. Developed as an iteration of LockBit 2.0 (LockBit Red) re
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Malware
Associated Malware
ID: Lockbit
Type: Unspecified
Votes: 3
Profile Description: LockBit is a malicious software, or malware, that has been notably active and damaging in the cyber world. Known for its ability to infiltrate systems often without detection, it can steal personal information, disrupt operations, and even hold data hostage for ransom. In the first half of 2024, Loc
Source Document References
Information about the Dragonforce Malware was read from the documents corpus below. This display is limited to 20 results.
Source Link: CERT-EU
CreatedAt: 8 months ago
Title: Ohio Lottery hit by cyberattack claimed by DragonForce ransomware

Source Link: CERT-EU
CreatedAt: 8 months ago
Title: DragonForce Ransomware Gang Prompts Ohio Lottery to Shut Down

Source Link: CERT-EU
CreatedAt: a year ago
Title: Cybersecurity threatscape of Asia: 2022–2023 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting

Source Link: Fortinet
CreatedAt: 2 months ago
Title: Dark Web Shows Cybercriminals Ready for Olympics. Are You? | FortiGuard Labs

Source Link: BankInfoSecurity
CreatedAt: 2 months ago
Title: New Zealand Fitness Retailer Hit By DragonForce Ransomware

Source Link: InfoSecurity-magazine
CreatedAt: 4 months ago
Title: DragonForce Ransomware Group Uses LockBit’s Leaked Builder

Source Link: CERT-EU
CreatedAt: 8 months ago
Title: Little-known ransomware gang claims responsibility for cyberattack on Ohio Lottery | #ransomware | #cybercrime | National Cyber Security Consulting

Source Link: CERT-EU
CreatedAt: 8 months ago
Title: Yakult Australia confirms 'cyber incident' after 95 GB data leak

Source Link: CERT-EU
CreatedAt: a year ago
Title: 6 Facts About Malaysia’s Hacker Group, DragonForce that You Should Know About | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting