Dragonforce

Malware updated 4 days ago (2024-11-29T14:45:12.603Z)
Download STIX
Preview STIX
DragonForce is a malicious software (malware) developed by a hacktivist group of the same name. This malware has been used in a series of attacks targeting various organizations globally. In 2022, DragonForce targeted over 70 government and commercial entities in India, disrupting their web resources. The group has also shown increased activity during the Olympic games, aligning with pro-Russian groups like LulzSec, noname057(16), Cyber Army Russia Reborn, and Cyber Dragon. These activities have raised concerns about DragonForce's potential to disrupt major global events. The DragonForce ransomware group is relatively new but exhibits tactics, negotiation styles, and data leak strategies that suggest they are an experienced extortion group. Their malware uses modified versions of LockBit and Conti ransomware, as evidenced in their attacks. Despite the newness of the group, they have already claimed significant breaches, including an attack on the Ohio Lottery system. The stolen files allegedly contain information belonging to customers and employees of the lottery, marking a significant breach of personal data. While there is limited information about the DragonForce ransomware gang, cybersecurity company Tripwire cautions against making assumptions based on the group's name. It is possible that the name "DragonForce" was chosen intentionally to mislead investigators or as a form of mischief-making. As such, the actual identity and origin of the group remain uncertain. Regardless, the impact of their activities underscores the need for robust cybersecurity measures to protect against such threats.
Description last updated: 2024-09-29T17:17:55.194Z
What's your take? (Question 1 of 4)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Lockbit is a possible alias for Dragonforce. LockBit is a prominent ransomware-as-a-service (RaaS) malware that has been involved in numerous cyberattacks, demonstrating its staying power and adaptability. The malware, which can infiltrate systems through suspicious downloads, emails, or websites, is designed to exploit and damage computers or
4
Lockbit Black is a possible alias for Dragonforce. LockBit Black, also known as LockBit 3.0, is a malicious software that emerged in early 2022 following the release of its predecessor, LockBit 2.0 (or LockBit Red) in mid-2021. The malware has been developed to exploit and damage computer systems by encrypting files, often leading to ransom demands
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Hacktivist
Malware
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Dragonforce Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Securityaffairs
2 months ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Fortinet
5 months ago
BankInfoSecurity
5 months ago
InfoSecurity-magazine
7 months ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago