Dragonforce

Malware updated 7 months ago (2024-11-29T14:45:12.603Z)

Download STIX

Preview STIX

DragonForce is a malicious software (malware) developed by a hacktivist group of the same name. This malware has been used in a series of attacks targeting various organizations globally. In 2022, DragonForce targeted over 70 government and commercial entities in India, disrupting their web resources. The group has also shown increased activity during the Olympic games, aligning with pro-Russian groups like LulzSec, noname057(16), Cyber Army Russia Reborn, and Cyber Dragon. These activities have raised concerns about DragonForce's potential to disrupt major global events. The DragonForce ransomware group is relatively new but exhibits tactics, negotiation styles, and data leak strategies that suggest they are an experienced extortion group. Their malware uses modified versions of LockBit and Conti ransomware, as evidenced in their attacks. Despite the newness of the group, they have already claimed significant breaches, including an attack on the Ohio Lottery system. The stolen files allegedly contain information belonging to customers and employees of the lottery, marking a significant breach of personal data. While there is limited information about the DragonForce ransomware gang, cybersecurity company Tripwire cautions against making assumptions based on the group's name. It is possible that the name "DragonForce" was chosen intentionally to mislead investigators or as a form of mischief-making. As such, the actual identity and origin of the group remain uncertain. Regardless, the impact of their activities underscores the need for robust cybersecurity measures to protect against such threats.

Description last updated: 2024-09-29T17:17:55.194Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Lockbit is a possible alias for Dragonforce. LockBit is a prominent ransomware-as-a-service (RaaS) malware that has been involved in numerous cyberattacks, demonstrating its staying power and adaptability. The malware, which can infiltrate systems through suspicious downloads, emails, or websites, is designed to exploit and damage computers or	4
Dragonforce Malaysia is a possible alias for Dragonforce.	2
Lockbit Black is a possible alias for Dragonforce. LockBit Black, also known as LockBit 3.0, is a malicious software that emerged in early 2022 following the release of its predecessor, LockBit 2.0 (or LockBit Red) in mid-2021. The malware has been developed to exploit and damage computer systems by encrypting files, often leading to ransom demands	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ransomware

Hacktivist

Data Leak

Cybercrime

Malware

RaaS

Ransom

Simplehelp

Extortion

Exploit

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The Scattered Spider Threat Actor is associated with Dragonforce. Scattered Spider, also known as Octo Tempest, 0ktapus, and UNC3944, is a notorious threat actor group involved in major data extortion campaigns. This cybercriminal group has been associated with high-profile attacks on organizations like Caesars Entertainment and MGM, often in collaboration with th	Unspecified	3
The Ransomhub Threat Actor is associated with Dragonforce. RansomHub, a threat actor in the realm of cybersecurity, has emerged as a significant player within the ransomware landscape. The group is known for its malicious activities, including data breaches and extortion attempts. It has been observed that RansomHub affiliates actively participate in campai	Unspecified	2
The UNC3944 Threat Actor is associated with Dragonforce. UNC3944, also known as Scattered Spider or 0ktapus, is a notable threat actor in the cybersecurity landscape. This group primarily targets telecommunication firms and tech companies, but has expanded its operations to hospitality, retail, media, and financial services sectors. The group's modus oper	Unspecified	2

Associated Vulnerabilities

To see the evidence that has resulted in these vulnerability associations, create a free account

Alias Description	Association Type	Votes
The vulnerability CVE-2024-57727 is associated with Dragonforce.	Unspecified	2

Source Document References

Information about the Dragonforce Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Securityaffairs	2 days ago	The financial impact of Marks & Spencer and Co-op cyberattacks could reach £440M
InfoSecurity-magazine	7 days ago	Ransomware Group Qilin Offers Legal Counsel to Affiliates
InfoSecurity-magazine	12 days ago	Ransomware Gang Exploits SimpleHelp RMM to Compromise Utility Billing
InfoSecurity-magazine	15 days ago	Mastery Schools Notifies 37,031 of Major Data Breach
InfoSecurity-magazine	19 days ago	Scattered Spider Uses Tech Vendor Impersonation to Target Helpdesks
InfoSecurity-magazine	21 days ago	UK Retail Hack Was 'Subtle, Not Complex,' Says River Island CISO
Securityaffairs	24 days ago	Security Affairs newsletter Round 526 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	a month ago	Victoria’s Secret's website offline following a cyberattack
Securityaffairs	a month ago	DragonForce operator chained SimpleHelp flaws to target an MSP and its customers
InfoSecurity-magazine	a month ago	DragonForce Ransomware Leveraged in MSP Attack Using RMM Tool
InfoSecurity-magazine	a month ago	DragonForce Engages in
InfoSecurity-magazine	a month ago	M&S Braces for £300 Million Cyber-Attack Costs
Securityaffairs	a month ago	Shields up US retailers. Scattered Spider threat actors can target them
InfoSecurity-magazine	a month ago	Ransomware Enters ‘Post-Trust Ecosystem,’ NCA Cyber Expert Says
Securityaffairs	a month ago	Marks and Spencer confirms data breach after April cyber attack
InfoSecurity-magazine	a month ago	M&S Confirms Customer Data Stolen in Cyber-Attack
Checkpoint	a month ago	12th May – Threat Intelligence Report - Check Point Research
Securityaffairs	a month ago	Security Affairs newsletter Round 523 by Pierluigi Paganini – INTERNATIONAL EDITION
InfoSecurity-magazine	2 months ago	UK Government Warns Retail Attacks Must Serve as a “Wake-up Call”
InfoSecurity-magazine	2 months ago	Inside DragonForce, the Group Tied to M&S, Co-op and Harrods Hacks