• About Us
  • Privacy Policy
  • Disclaimer
  • Contact Us
TechTrendFeed
  • Home
  • Tech News
  • Cybersecurity
  • Software
  • Gaming
  • Machine Learning
  • Smart Home & IoT
No Result
View All Result
  • Home
  • Tech News
  • Cybersecurity
  • Software
  • Gaming
  • Machine Learning
  • Smart Home & IoT
No Result
View All Result
TechTrendFeed
No Result
View All Result

DragonForce targets rivals in a play for dominance – Sophos Information

Admin by Admin
May 24, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


DragonForce isn’t just one other ransomware model – it’s a destabilizing drive making an attempt to reshape the ransomware panorama. Counter Menace Unit (CTU) researchers are actively monitoring the evolution of the menace posed by the group.  

Enter the dragon

DragonForce is concerned in high-impact assaults concentrating on each conventional IT infrastructure and virtualized environments (e.g., VMware ESXi), with a robust emphasis on credential theft, Energetic Listing abuse, and knowledge exfiltration. In March 2025, it launched efforts to assert dominance within the ransomware ecosystem by introducing a extra versatile affiliate mannequin and concentrating on different ransomware teams. 

A collection of assaults on UK retailers that started in late April introduced this group into sharper focus as third-party reviews linked these assaults to DragonForce and the GOLD HARVEST (also referred to as Scattered Spider) menace group. GOLD HARVEST regularly leverages social engineering, abuse of distant monitoring and administration (RMM) instruments, and multi-factor authentication (MFA) bypass strategies to realize entry, steal bulk knowledge, and typically deploy ransomware.  

When DragonForce emerged in August 2023, it provided a standard RaaS scheme. On March 19, 2025, the group introduced a rebrand as a ‘cartel’ to increase its attain, hoping to emulate the success of LockBit and different mature ransomware-as-a-service (RaaS) teams. In observe, it isn’t a cartel operation however an providing that offers associates the flexibleness to leverage DragonForce’s infrastructure and ransomware instruments whereas working underneath their very own manufacturers (see Determine 1). 

A screen capture of the 19 March 2025 announcement; the intro reads "Today I would like to present to you our new direction, we are starting to work in a new vein, according to a new principle. You no longer have to work under our brand, now you can create your own brand under the auspices of an already proven partner time! We the DragonForce Ransomware cartel present to you 'projects' now you create yourself."

Determine 1: Commercial for the DragonForce cartel

DragonForce didn’t simply revamp its enterprise mannequin; it started attacking rival operations. The ‘cartel’ submit coincided with defacements of leak websites operated by the BlackLock and Mamona ransomware teams. The defacements appeared to have been performed by DragonForce, as seen within the side-by-side display screen captures in Determine 2. 

Two screens showing the BlackLock and Mamona defacements as described in text

Determine 2: Defaced Mamona (left) and BlackLock (proper) leak websites

In April, a submit on the RansomHub leak website appeared to advertise the DragonForce cartel, as seen in Determine 3. A DragonForce submit on the RAMP underground discussion board additionally appeared to point that the teams had been working collectively, however the postscript instructed that RansomHub won’t help the collaboration (see Determine 4). RansomHub is among the most prolific teams to emerge following the LockBit disruption and ALPHV (also referred to as BlackCat) demise in 2024. 

A screen capture showing the DragonForce mention on RansomHub as described in text

Determine 3: DragonForce cartel point out on RansomHub leak website

A screen capture showing the "collaboration" -- text reads "DragonForce & RansomHub -- Hi. Don't worry RansomHub will be up soon, they just decided to move to our infrastructure! We are reliable partners. A good example of how 'projects' work, a new option from The DragonForce Ransomware Cartel!" A postscript at the bottom reads "P.S. -- RansomHub hope you are doing well, consider our offer! We are waiting for everyone in our ranks."

Determine 4: DragonForce submit suggesting a collaboration with RansomHub

Shortly after these posts, the RansomHub leak website went offline. The homepage displayed the message “RansomHub R.I.P 03/03/2025.” The “collaboration” between DragonForce and RansomHub seems to have been extra of a hostile takeover by DragonForce. The ‘koley’ persona, who is understood to be a outstanding RansomHub member, posted a defacement of the DragonForce homepage on RAMP (see Determine 5), together with the message “@dragonforce guess you’ve traitors…” Further posts by koley accused DragonForce of working with legislation enforcement, attacking rivals, and telling lies.  

An image showing a crossed-out DragonForce logo and three derpy-looking cartoon dragons

Determine 5: Defacement of the DragonForce leak website shared by RansomHub member ‘koley’

As of this publication, the DragonForce leak website is again on-line after an prolonged interval of down time. Throughout that interval, the homepage displayed a message stating that it might be up once more quickly, and the same message seems on the RansomBay leak website (see Determine 6). 

A pair of images; on the left, DragonForce announcement reads "We will be up soon -- Our blog and files server will be up on 29.04.2025 00:00 UTC Thank you for your patience." On the right, the RansomHub announcement reads "Went on a journey... We're still in search for a pirates!"

Determine 6: DragonForce and RansomBay leak website homepages as of Could 2, 2025

In Could 2025, UK retailer Marks and Spencer was the topic of a major cyberattack that was publicly attributed to GOLD HARVEST (referred to within the reporting as Scattered Spider), though this attribution has not been formally confirmed. This group is a loosely organized cybercriminal collective made up of particular person menace actors who collaborate by a shared community of underground boards and encrypted chat channels utilized by a group of like-minded people often called “The Com.” The menace actors on this group coordinate malicious companies to conduct assaults, alternate instruments, and share ways inside this decentralized ecosystem. GOLD HARVEST reportedly deployed the DragonForce ransomware on this assault.  

GOLD HARVEST has been recognized to function as a ransomware affiliate, deploying ALPHV ransomware in assaults on MGM Resorts in 2023 and reportedly utilizing RansomHub in assaults all through 2024. The menace actors make the most of a variety of ways, strategies, and procedures (TTPs) of their assaults however are recognized for his or her efficient use of social engineering. They usually achieve entry to organizations by concentrating on IT assist desks. Public attribution of the Marks and Spencer assault could also be predicated on the assumption that the assault began with social engineering, maybe concentrating on assist desk employees. 

Social engineering is a common menace throughout the cyber panorama and isn’t distinctive to GOLD HARVEST, though the group has been adept at utilizing this method through e mail and phone calls. There may be rising interaction between social engineering and stolen credentials. GOLD HARVEST is recognized to make use of commodity infostealers equivalent to Vidar and Raccoon, which acquire browser-saved passwords, cookies, and session tokens. These credentials can allow preliminary entry straight or help extra convincing social engineering makes an attempt by permitting attackers to reference inside programs or mimic legit worker habits. 

DragonForce has claimed two assaults impacting UK retailers. These assaults spotlight the necessity for vigilance by corporations within the retail sector. The interior warfare amongst ransomware teams is disruptive to their very own operations however doesn’t scale back threat to organizations. In truth, it might result in extra erratic, opportunistic assaults as teams scramble to claim dominance and monetize stolen knowledge in new methods. Organizations should due to this fact revisit their incident response, menace intelligence, and third-party threat administration methods to stay resilient in an more and more chaotic menace surroundings. 

Suggestions for defenders

Whereas technical controls stay important for detecting and mitigating GOLD HARVEST and DragonForce exercise, they should be strengthened by robust inside processes and constant human vigilance. These assaults reinforce that technical compromises usually start with social compromise. Conversations are regularly the preliminary level of compromise, not exploits. Organizations should scale back their publicity to social engineering by combining technical controls with procedural self-discipline. CTU researchers suggest that organizations take the next actions to mitigate the dangers of those assaults: 

  • Deploy browser isolation and password managers to forestall harvesting of saved credentials. 
  • Implement endpoint detection for infostealer exercise, together with credential and session cookie theft. 
  • Make the most of an id monitoring resolution that makes use of darkish net sources and menace intel feeds to constantly monitor for compromised credentials. 
  • Implement strict id verification protocols for IT help and assist desk interactions. 
  • Set up clear escalation paths to empower front-line employees to withstand uncommon or pressing requests till they are often verified. 
  • Conduct common tabletop workout routines that simulate social engineering and insider menace situations. 
Tags: dominanceDragonForceNewsPlayRivalsSophostargets
Admin

Admin

Next Post
SmartThings Weblog

SmartThings Weblog

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Trending.

Discover Vibrant Spring 2025 Kitchen Decor Colours and Equipment – Chefio

Discover Vibrant Spring 2025 Kitchen Decor Colours and Equipment – Chefio

May 17, 2025
Reconeyez Launches New Web site | SDM Journal

Reconeyez Launches New Web site | SDM Journal

May 15, 2025
Safety Amplified: Audio’s Affect Speaks Volumes About Preventive Safety

Safety Amplified: Audio’s Affect Speaks Volumes About Preventive Safety

May 18, 2025
Flip Your Toilet Right into a Good Oasis

Flip Your Toilet Right into a Good Oasis

May 15, 2025
Apollo joins the Works With House Assistant Program

Apollo joins the Works With House Assistant Program

May 17, 2025

TechTrendFeed

Welcome to TechTrendFeed, your go-to source for the latest news and insights from the world of technology. Our mission is to bring you the most relevant and up-to-date information on everything tech-related, from machine learning and artificial intelligence to cybersecurity, gaming, and the exciting world of smart home technology and IoT.

Categories

  • Cybersecurity
  • Gaming
  • Machine Learning
  • Smart Home & IoT
  • Software
  • Tech News

Recent News

How authorities cyber cuts will have an effect on you and your enterprise

How authorities cyber cuts will have an effect on you and your enterprise

July 9, 2025
Namal – Half 1: The Shattered Peace | by Javeria Jahangeer | Jul, 2025

Namal – Half 1: The Shattered Peace | by Javeria Jahangeer | Jul, 2025

July 9, 2025
  • About Us
  • Privacy Policy
  • Disclaimer
  • Contact Us

© 2025 https://techtrendfeed.com/ - All Rights Reserved

No Result
View All Result
  • Home
  • Tech News
  • Cybersecurity
  • Software
  • Gaming
  • Machine Learning
  • Smart Home & IoT

© 2025 https://techtrendfeed.com/ - All Rights Reserved