DragonForce Group Cybercrime Operations Analysis

This technical report provides an analysis of the DragonForce group, which has transitioned from a pro-Palestinian hacktivist organization to a ransomware cartel since its emergence in August 2023. The report outlines the group's operational base in Malaysia, its alliances with other cybercriminal entities, and its shift towards financial objectives while maintaining some ideological motivations. It details the group's Ransomware-as-a-Service (RaaS) model, which includes customizable ransomware kits and a centralized administration for overseeing operations. The report also identifies the primary sectors targeted by DragonForce, including retail and government institutions, and discusses the psychological manipulation tactics employed to coerce ransom payments. Furthermore, it presents the potential systemic impact of DragonForce's operations on critical infrastructure in Europe and highlights the need for increased awareness and cooperation to counter this emerging threat.