04 DragonForce

DragonForce

Region

Asia-Pacific,

Global,

Middle East and Africa

Industries

Government,

Healthcare,

Logistics & Transportation,

Manufacturing,

Real Estate

First seen

August 2023

Cybercrime

Encryption and data loss, system compromise, significant financial losses, reputational damage, and evolution of threats

Heritage

Possible connections to known hacktivist groups (DragonForce Malaysia)

Categorizations

Ransomware-as-a-Service (RaaS)

About

This significant group of Masked Actors emerged initially in the Middle East and Asia. DragonForce has since expanded globally with its ransomware and hacktivist operations. Its 2023 attack on a Saudi firm led to the theft of 6 terabytes of data, suggesting high potential for financial extortion.

Learn more about DragonForce from Group-IB’s research

Inside the Dragon: DragonForce Ransomware Group

Victims

Between August 2023 and August 2024, DragonForce targeted 82 victims. Large-scale breaches include an attack on an Elite Fitness retainer in New Zealand. DragonForce goes for government agencies and high-profile firms in manufacturing, real estate, and transport. Often in regions with geopolitical tensions.

What we know about DragonForce members

Some links to DragonForce Malaysia (a hacktivist group), but we have no confirmed identities of individuals. DragonForce runs an RaaS affiliate program, offering 80% of the ransom to affiliates.

Motivations

A likely mix of financial gain and geopolitical hacktivism, using double-extortion tactics.