Dragonforce

Malware updated a month ago (2024-09-29T18:01:12.149Z)
Download STIX
Preview STIX
DragonForce is a malicious software (malware) developed by a hacktivist group of the same name. This malware has been used in a series of attacks targeting various organizations globally. In 2022, DragonForce targeted over 70 government and commercial entities in India, disrupting their web resources. The group has also shown increased activity during the Olympic games, aligning with pro-Russian groups like LulzSec, noname057(16), Cyber Army Russia Reborn, and Cyber Dragon. These activities have raised concerns about DragonForce's potential to disrupt major global events. The DragonForce ransomware group is relatively new but exhibits tactics, negotiation styles, and data leak strategies that suggest they are an experienced extortion group. Their malware uses modified versions of LockBit and Conti ransomware, as evidenced in their attacks. Despite the newness of the group, they have already claimed significant breaches, including an attack on the Ohio Lottery system. The stolen files allegedly contain information belonging to customers and employees of the lottery, marking a significant breach of personal data. While there is limited information about the DragonForce ransomware gang, cybersecurity company Tripwire cautions against making assumptions based on the group's name. It is possible that the name "DragonForce" was chosen intentionally to mislead investigators or as a form of mischief-making. As such, the actual identity and origin of the group remain uncertain. Regardless, the impact of their activities underscores the need for robust cybersecurity measures to protect against such threats.
Description last updated: 2024-09-29T17:17:55.194Z
What's your take? (Question 1 of 4)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Lockbit is a possible alias for Dragonforce. LockBit is a type of malware, specifically a ransomware, that infiltrates systems to exploit and damage them. It's known for its disruptive activities such as stealing personal information or holding data hostage for ransom. The LockBit ransomware gang has claimed responsibility for several high-pro
4
Lockbit Black is a possible alias for Dragonforce. LockBit Black, also known as LockBit 3.0, is a malicious software that emerged in early 2022 following the release of its predecessor, LockBit 2.0 (or LockBit Red) in mid-2021. The malware has been developed to exploit and damage computer systems by encrypting files, often leading to ransom demands
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Hacktivist
Malware
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.