DragonForce Ransomware Gang | From Hacktivists to High Street Extortionists

SUMMARY :

The DragonForce ransomware group, initially a pro-Palestine hacktivist operation, has evolved into a profit-driven extortion enterprise targeting UK retailers and various global entities. Emerging in August 2023, the group now employs a multi-extortion model, threatening data leaks and reputational damage. Their tactics include phishing, vulnerability exploitation, and credential stuffing for initial access. DragonForce has developed its own ransomware based on leaked LockBit and Conti code, offering customizable payloads for different platforms. Recently, they introduced a 'white-label' service allowing affiliates to disguise attacks under different brands. The group's expansion and self-branding as a 'Ransomware Cartel' indicate a strategic move to elevate their status in the cybercrime landscape.

OPENCTI LABELS :

cobalt strike,ransomware,cve-2024-21887,cve-2024-21893,cve-2023-46805,cve-2021-44228,cve-2024-21412,extortion,systembc,multi-extortion,dragonforce ransomware,white-label


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


DragonForce Ransomware Gang | From Hacktivists to High Street Extortionists