DragonForce Victimisation on the Rise

share
Header image

DragonForce Victimisation on the Rise

share

Dragonforce also contacted M&S regarding the recent cyber-attack. 


More than 120 organisations across various industries worldwide have been compromised by the DragonForce ransomware gang over the past 12 months.

According to research by Bitdefender and published by GBHackers News, DragonForce has harnessed living-off-the-land techniques for persistence and lateral movement across various networks.

DragonForce, which demanded a $7 million ransom in an intrusion last year, was also observed to have entered partnerships with other RaaS operations. Other RaaS gangs, such as LockBit and RansomHub, were attempted to be taken over by DragonForce, which proceeded to vandalise their data leak sites and target their attack infrastructure in a bid to assert dominance in the ransomware threat landscape.

Gloating Email

The research coincided with news that the DragonForce operators sent a threatening and vulgar ransom email to M&Sp CEO Stuart Machin using a compromised employee email, gloating over a ransomware attack that reportedly crippled the retailer's systems.

The message, obtained by the BBC through a cybersecurity expert, included racist language and a link to a darknet portal for ransom negotiations.

DragonForce claimed responsibility for encrypting M&S servers and stealing customer data, stating they accessed cyber-insurance details and aimed to start talks.

The compromised account belonged to a Tata Consultancy Services employee embedded in M&S operations, but TCS denies the breach originated from its systems. M&S has declined to comment, and it remains unclear whether any ransom has been paid.



Written by
Dan Raywood
Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.

MalwareRansomware Published: 9 June Written by
Dan Raywood
Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.

Upcoming Events

No events found.

Related content

Medical device threats increasingly disrupt healthcare systems

Medical device threats increasingly disrupt healthcare systems

 Zero Click Attacks: The Risk To Business

Zero Click Attacks: The Risk To Business

 Ransomware disrupts Autovista's systems

Ransomware disrupts Autovista's systems
KPMG refutes Nova ransomware attack claims

KPMG refutes Nova ransomware attack claims

 NCA officer awarded OBE for role in LockBit ransomware takedown

NCA officer awarded OBE for role in LockBit ransomware takedown

 Qilin Claims Responsibility for Argentinian Football Club Hack

Qilin Claims Responsibility for Argentinian Football Club Hack
The NCSC’s Warning To UK Firms: How To Boost Incident Response

The NCSC’s Warning To UK Firms: How To Boost Incident Response