DragonForce

About

This significant group of Masked Actors emerged initially in the Middle East and Asia. DragonForce has since expanded globally with its ransomware and hacktivist operations. Its 2023 attack on a Saudi firm led to the theft of 6 terabytes of data, suggesting high potential for financial extortion.

Active since

August 2023

Primary targets

Encryption and data loss, system compromise, significant financial losses, reputational damage, and evolution of threats

Motivation

A likely mix of financial gain and geopolitical hacktivism, using double-extortion tactics.

Heritage

Possible connections to known hacktivist groups (DragonForce Malaysia)

Learn more about DragonForce from Group-IB’s research

Blog "Inside the Dragon: DragonForce Ransomware Group"

Podcast "DragonForce: The Cyber Cartel Helping Hackers Hit the High Street"

Victims

Between August 2023 and August 2024, DragonForce targeted 82 victims. Large-scale breaches include an attack on an Elite Fitness retainer in New Zealand. DragonForce goes for government agencies and high-profile firms in manufacturing, real estate, and transport. Often in regions with geopolitical tensions.

What we know about DragonForce members

Some links to DragonForce Malaysia (a hacktivist group), but we have no confirmed identities of individuals. DragonForce runs an RaaS affiliate program, offering 80% of the ransom to affiliates.