Dragonforce

Malware updated 6 months ago (2024-11-29T14:45:12.603Z)

Download STIX

Preview STIX

DragonForce is a malicious software (malware) developed by a hacktivist group of the same name. This malware has been used in a series of attacks targeting various organizations globally. In 2022, DragonForce targeted over 70 government and commercial entities in India, disrupting their web resources. The group has also shown increased activity during the Olympic games, aligning with pro-Russian groups like LulzSec, noname057(16), Cyber Army Russia Reborn, and Cyber Dragon. These activities have raised concerns about DragonForce's potential to disrupt major global events. The DragonForce ransomware group is relatively new but exhibits tactics, negotiation styles, and data leak strategies that suggest they are an experienced extortion group. Their malware uses modified versions of LockBit and Conti ransomware, as evidenced in their attacks. Despite the newness of the group, they have already claimed significant breaches, including an attack on the Ohio Lottery system. The stolen files allegedly contain information belonging to customers and employees of the lottery, marking a significant breach of personal data. While there is limited information about the DragonForce ransomware gang, cybersecurity company Tripwire cautions against making assumptions based on the group's name. It is possible that the name "DragonForce" was chosen intentionally to mislead investigators or as a form of mischief-making. As such, the actual identity and origin of the group remain uncertain. Regardless, the impact of their activities underscores the need for robust cybersecurity measures to protect against such threats.

Description last updated: 2024-09-29T17:17:55.194Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Lockbit is a possible alias for Dragonforce. LockBit is a prominent ransomware-as-a-service (RaaS) malware that has been involved in numerous cyberattacks, demonstrating its staying power and adaptability. The malware, which can infiltrate systems through suspicious downloads, emails, or websites, is designed to exploit and damage computers or	4
Lockbit Black is a possible alias for Dragonforce. LockBit Black, also known as LockBit 3.0, is a malicious software that emerged in early 2022 following the release of its predecessor, LockBit 2.0 (or LockBit Red) in mid-2021. The malware has been developed to exploit and damage computer systems by encrypting files, often leading to ransom demands	2
Dragonforce Malaysia is a possible alias for Dragonforce.	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ransomware

Hacktivist

Cybercrime

Malware

Data Leak

Ransom

Exploit

Extortion

RaaS

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The Scattered Spider Threat Actor is associated with Dragonforce. Scattered Spider, also known as Octo Tempest, 0ktapus, and UNC3944, is a notorious threat actor group involved in major data extortion campaigns. This cybercriminal group has been associated with high-profile attacks on organizations like Caesars Entertainment and MGM, often in collaboration with th	Unspecified	3
The Ransomhub Threat Actor is associated with Dragonforce. RansomHub, a threat actor in the realm of cybersecurity, has emerged as a significant player within the ransomware landscape. The group is known for its malicious activities, including data breaches and extortion attempts. It has been observed that RansomHub affiliates actively participate in campai	Unspecified	2
The UNC3944 Threat Actor is associated with Dragonforce. UNC3944, also known as Scattered Spider or 0ktapus, is a notable threat actor in the cybersecurity landscape. This group primarily targets telecommunication firms and tech companies, but has expanded its operations to hospitality, retail, media, and financial services sectors. The group's modus oper	Unspecified	2

Source Document References

Information about the Dragonforce Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Securityaffairs	2 days ago	Security Affairs newsletter Round 526 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	5 days ago	Victoria’s Secret's website offline following a cyberattack
Securityaffairs	7 days ago	DragonForce operator chained SimpleHelp flaws to target an MSP and its customers
InfoSecurity-magazine	7 days ago	DragonForce Ransomware Leveraged in MSP Attack Using RMM Tool
InfoSecurity-magazine	12 days ago	DragonForce Engages in
InfoSecurity-magazine	14 days ago	M&S Braces for £300 Million Cyber-Attack Costs
Securityaffairs	17 days ago	Shields up US retailers. Scattered Spider threat actors can target them
InfoSecurity-magazine	20 days ago	Ransomware Enters ‘Post-Trust Ecosystem,’ NCA Cyber Expert Says
Securityaffairs	21 days ago	Marks and Spencer confirms data breach after April cyber attack
InfoSecurity-magazine	21 days ago	M&S Confirms Customer Data Stolen in Cyber-Attack
Checkpoint	22 days ago	12th May – Threat Intelligence Report - Check Point Research
Securityaffairs	23 days ago	Security Affairs newsletter Round 523 by Pierluigi Paganini – INTERNATIONAL EDITION
InfoSecurity-magazine	a month ago	UK Government Warns Retail Attacks Must Serve as a “Wake-up Call”
InfoSecurity-magazine	a month ago	Inside DragonForce, the Group Tied to M&S, Co-op and Harrods Hacks
Checkpoint	a month ago	5th May – Threat Intelligence Report - Check Point Research
Securityaffairs	a month ago	Security Affairs newsletter Round 522 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	a month ago	DragonForce group claims the theft of data after Co-op cyberattack
InfoSecurity-magazine	a month ago	Harrods Latest UK Retailer to Fall Victim to Cyber-Attack
Securityaffairs	a month ago	Luxury department store Harrods suffered a cyberattack
InfoSecurity-magazine	a month ago	Law Enforcement Crackdowns Drive Novel Ransomware Affiliate Schemes