More than 120 organizations across various industries worldwide have been compromised by the DragonForce ransomware gang, which has since shifted from a ransomware-as-a-service to a ransomware cartel operation, over the past 12 months, according to GBHackers News.
After achieving initial access via phishing, credential stuffing, and the exploitation of multiple security flaws, including CVE-2024-21412, CVE-2024-21887, and CVE-2024-21893, DragonForce has harnessed living-off-the-land techniques for persistence and lateral movement across various networks, a report from Bitdefender showed. DragonForce, which has demanded a $7 million ransom in an intrusion last year, was also observed to have entered partnerships with other RaaS operations. Other RaaS gangs, such as LockBit and RansomHub, were attempted to be taken over by DragonForce, which proceeded to vandalize their data leak sites and target their attack infrastructure in a bid to assert dominance in the ransomware threat landscape. Such aggressive moves by DragonForce should prompt organizations to bolster their defenses and mitigations against the ransomware operation.
After achieving initial access via phishing, credential stuffing, and the exploitation of multiple security flaws, including CVE-2024-21412, CVE-2024-21887, and CVE-2024-21893, DragonForce has harnessed living-off-the-land techniques for persistence and lateral movement across various networks, a report from Bitdefender showed. DragonForce, which has demanded a $7 million ransom in an intrusion last year, was also observed to have entered partnerships with other RaaS operations. Other RaaS gangs, such as LockBit and RansomHub, were attempted to be taken over by DragonForce, which proceeded to vandalize their data leak sites and target their attack infrastructure in a bid to assert dominance in the ransomware threat landscape. Such aggressive moves by DragonForce should prompt organizations to bolster their defenses and mitigations against the ransomware operation.
