Dragonforce

Malware updated 5 months ago (2024-11-29T14:45:12.603Z)

Download STIX

Preview STIX

DragonForce is a malicious software (malware) developed by a hacktivist group of the same name. This malware has been used in a series of attacks targeting various organizations globally. In 2022, DragonForce targeted over 70 government and commercial entities in India, disrupting their web resources. The group has also shown increased activity during the Olympic games, aligning with pro-Russian groups like LulzSec, noname057(16), Cyber Army Russia Reborn, and Cyber Dragon. These activities have raised concerns about DragonForce's potential to disrupt major global events. The DragonForce ransomware group is relatively new but exhibits tactics, negotiation styles, and data leak strategies that suggest they are an experienced extortion group. Their malware uses modified versions of LockBit and Conti ransomware, as evidenced in their attacks. Despite the newness of the group, they have already claimed significant breaches, including an attack on the Ohio Lottery system. The stolen files allegedly contain information belonging to customers and employees of the lottery, marking a significant breach of personal data. While there is limited information about the DragonForce ransomware gang, cybersecurity company Tripwire cautions against making assumptions based on the group's name. It is possible that the name "DragonForce" was chosen intentionally to mislead investigators or as a form of mischief-making. As such, the actual identity and origin of the group remain uncertain. Regardless, the impact of their activities underscores the need for robust cybersecurity measures to protect against such threats.

Description last updated: 2024-09-29T17:17:55.194Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Lockbit is a possible alias for Dragonforce. LockBit is a prominent ransomware-as-a-service (RaaS) malware that has been involved in numerous cyberattacks, demonstrating its staying power and adaptability. The malware, which can infiltrate systems through suspicious downloads, emails, or websites, is designed to exploit and damage computers or	4
Dragonforce Malaysia is a possible alias for Dragonforce.	2
Lockbit Black is a possible alias for Dragonforce. LockBit Black, also known as LockBit 3.0, is a malicious software that emerged in early 2022 following the release of its predecessor, LockBit 2.0 (or LockBit Red) in mid-2021. The malware has been developed to exploit and damage computer systems by encrypting files, often leading to ransom demands	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ransomware

Hacktivist

Data Leak

Cybercrime

Malware

Ransom

Extortion

Exploit

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The Scattered Spider Threat Actor is associated with Dragonforce. Scattered Spider, also known as Octo Tempest, 0ktapus, and UNC3944, is a notorious threat actor group involved in major data extortion campaigns. This cybercriminal group has been associated with high-profile attacks on organizations like Caesars Entertainment and MGM, often in collaboration with th	Unspecified	3

Source Document References

Information about the Dragonforce Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Checkpoint	10 hours ago	12th May – Threat Intelligence Report - Check Point Research
Securityaffairs	a day ago	Security Affairs newsletter Round 523 by Pierluigi Paganini – INTERNATIONAL EDITION
InfoSecurity-magazine	6 days ago	UK Government Warns Retail Attacks Must Serve as a “Wake-up Call”
InfoSecurity-magazine	6 days ago	Inside DragonForce, the Group Tied to M&S, Co-op and Harrods Hacks
Checkpoint	7 days ago	5th May – Threat Intelligence Report - Check Point Research
Securityaffairs	9 days ago	Security Affairs newsletter Round 522 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	9 days ago	DragonForce group claims the theft of data after Co-op cyberattack
InfoSecurity-magazine	11 days ago	Harrods Latest UK Retailer to Fall Victim to Cyber-Attack
Securityaffairs	11 days ago	Luxury department store Harrods suffered a cyberattack
InfoSecurity-magazine	17 days ago	Law Enforcement Crackdowns Drive Novel Ransomware Affiliate Schemes
InfoSecurity-magazine	19 days ago	FBI Reveals “Staggering” $16.6bn Lost to Cybercrime in 2024
Securityaffairs	2 months ago	BlackLock Ransomware Targeted by Cybersecurity Firm
Securityaffairs	2 months ago	Security Affairs newsletter Round 513 by Pierluigi Paganini – INTERNATIONAL EDITION
InfoSecurity-magazine	3 months ago	DragonForce Ransomware Hits Saudi Firm, 6TB Data Stolen
Securityaffairs	3 months ago	DragonForce Ransomware Group is Targeting Saudi Arabia
Securityaffairs	7 months ago	Security Affairs newsletter Round 491 by Pierluigi Paganini – INTERNATIONAL EDITION
CERT-EU	a year ago	Ohio Lottery hit by cyberattack claimed by DragonForce ransomware
CERT-EU	a year ago	DragonForce Ransomware Gang Prompts Ohio Lottery to Shut Down
CERT-EU	2 years ago	Cybersecurity threatscape of Asia: 2022–2023 \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
Fortinet	10 months ago	Dark Web Shows Cybercriminals Ready for Olympics. Are You? \| FortiGuard Labs