dragonforce
Ransomware group profile
391Victims
MalaysiaSource country
101Impact score
Also Known As
Water Tambanakua
Description
DragonForce is a politically-motivated hacktivist group known for executing cyber attacks in response to geopolitical events. The group employs tactics such as website defacement, data leaks, and DDoS attacks, often targeting entities they ideologically oppose. Their operations are heavily publicized through social media to gain support and amplify their messages.
Key insights
- •Utilizes website defacement as a tactic to promote political messages.
- •Involved in data leaks and DDoS attacks against targeted entities.
- •Rapidly exploits newly disclosed vulnerabilities for conducting attacks.
- •Employs sophisticated phishing techniques for initial access.
- •Known for leveraging social media platforms to publicize their actions.
- •Uses multi-extortion techniques involving both ransomware and data exposure.
- •Originally emerged as a pro-Palestine group but evolved into a broader hacktivist campaign.
Threat Level & Status Breakdown
For dragonforce · Based on incidents in selected period
3.8threat level
Aggressiveness10/ 10
Lethality0.1/ 10
Criticality1.1/ 10
Status Breakdown
Data Leaked1.3%5
Claimed94.6%370
First seenJun 2025
Last seenMay 2026
Avg ransom—
Payment rate—
Statusactive
Sophistication0
Last updatedJun 2, 2026
Recent activity
Monthly attack count for dragonforce in the selected period
391Total attacks
65peak in Apr
32.6avg / month
↑ 34 vs first month
Intelligence
IOCs, YARA/Sigma rules, and related families for dragonforce
- 85484f00d81ac2e7dad712e67a6fcd10
- f0ac3999d4020cd051052a0627a2056d
- 4fde7b67da86fdd1587f78254acf9cd6766a7d77
- 72231dc69a71f3ac971fa335dc79a04569dd7a09
- 39c241a0ad373f13930ba0ca959ef9c1bd6156245a1bd56b8564c03277474707
- 88bd49b1bd9c2bde78bc4e394c993035e0fde3ea
- 468121e7d6952799f92940677268937c4c5f92ed
- 3b80a13199564e3d8a9d26e14defabee136638f8
- 9b04a93e05ccff94667f04bffa7af600
- 203fd36eed61f7c0f9225cf5a824d39a3a891f63c908586801e350f785f0ddca
- 33b494eaaa6d7ed75eec74f8c8c866b6c42f59ca72b8517b3d4752c3313e617c
- 3e958a16db654e438a3ed3d7e6a3deccc2190eed
- b7703a59c39a0d2f7ef6422945aaeaaf061431af0533557246397551b8eed505
- c7d7f0725df47272a7dd40450ae1e833317ba8f9
- 254b7cca40f9e624b21841f60bff0919
- 2515b546125d20013237aeadec5873e6438ada611347035358059a77a32c54f5
- 9f431d5549a03aee92cfd2bdbbe90f1c91e965c99e90a0c9ad5a001f4e80c350
- a53a9ca8a074c7108f8412c3f8c1fc5d
- 71c50b1e19311185928c4c58ffd061642734ac9edf6a45a232fab407e5915472
- 0e477c81be68d8e523783ae46a5502574d481c2d
- a7ec88cc08ffa80915f32ac7274218ded88e61c6cda95bedbb8fe9d729ba7495
- 2425f7ce87898c69e274daa02c21304f44838eea6521bbf7ffd97427a1f8df2c
- 56dfe55b016c08f09dd5a2ab58504b377a3cd66ffba236a5a0539f6e2e39aa71
- 5a7c90c0806c846faa58959627a95b816e636e7f
- 77962a384d251f0aa8e3008a88f206d6cb1f7401c759c4614e3bfe865e3e985c
- ef2cd9ded5532af231e0990feaf2df8fd79dc63f7a677192e17b89ef4adb7dd2
- c1ed8f74c5057aa22989205e32e672c7
- 65d8ba2504cf970adb7ac87a42703e16
- 168f1b974b31df0889e6dbe75f0fe8486cf932d72f0d6ad8348c97a2e537a738
- fd81615d4fec48fee1604a389a95ec4b
- 54de95cc33834a2f877ba4842860af27
- 0014e18b7e72bbabd17a8e39c9448563
- 930f0dc9929c6097f718b42d1dbad42d0263ffac5d598a81fc6fa1ea1f58c41c
- 9e82ee5bde6b5d29281a3c280e6d1f2e
- 15e9255a3e3401e5f6578d2ac45b7850
- 91025d6f02e542f2e37ffce7d0ce8b51
- 259faf2de8195f7f4f41c6bc2deb03e20bce4fcb133342d3cd58124eac37fa18
- 103ccb9ba1230b21e4fb360e1f1f99b3a6537c8dfe8eb02e853db4eae891d5a1
- 82794015e2b40cc6e02d3c1d50241465c0cf2c2e4f0a7a2a8f880edaee203724
- f35e70c17c3fa2d90502cabe038c116c78600788
- 83658959f67c300559196d73ca7cc4abcf344db919601832e5b0dab6e54dceed
- 99be93aa4c34b39fedcd37663c34511f
- eae67851dc1194cef50ae904f986d5bd
- b16e217cdca19e00c1b68bdfb28ead53b20adeabd6edcd91542f9fbf48942877
- df5ab9015833023a03f92a797e20196672c1d6525501a9f9a94a45b0904c7403
- 1a81b753c9a8a026a1c99de7c920c063560ca165
- 6ee94f6bdc4c4ed0fff621fec36c70ff093659ed
- c19dbfe279a7bf88adea52a46aeac15687ed3d1e9e5cbfb123af6504c2ef5a0e
- c969c14c3cfc68289e75a7400758b460
- 395f835731d25803a791db984062dd5cfdcade6f95cc5d0f68d359af32f6258d
- b47d1618177b6bc219b8734cd02f9cf7be7aff43
- 1c09145f4063f989fbabdd6279f8f486
- d17f86f27e9db5a5afde517b5173121e
- 3928c5874249cc71b2d88e5c0c00989ac394238747bb7638897fc210531b4aab
- 11c1cfce546980287e7d3440033191844b5e5e321052d685f4c9ee49937fa688
- 47ec51b5f0ede1e70bd66f3f0152f9eb536d534565dbb7fcc3a05f542dbe4428
- ad4f0428fc9290791d550eeddf171aff046c4c2c
- 06807d8d7282959ce062f92a708d382f
- 35da45aeca4701764eb49185b11ef23432f7162a
- 1406e538fc441e89ce3d1747017f97a5
- feab413f86532812efc606c3b3224b7c7080ae4aa167836d7233c262985f888c
- 8f31f69f88a75d5faab4f94cfc2ec8a649fe1a24
- 949be42310b64320421d5fd6c41f83809e8333825fb936f25530a125664221de
- d920c1a909744e206405ec13539ee01c
- 39300863bcaad71e5d4efc9a1cae118440aa778f
- bc65ed919988c8e4b8f5a1cd371745456601700a
- 5d6b9e80e12bfc595d4d26f6afb099b3cb471dd4
- c52d46c66d6469877b156e166ca2dbfb72fe90eb
- 2e977e97646d5ee5999ac5c8b138c7e240e431b1
- 6bc8e3505d9f51368ddf323acb6abc49
- 2c48f82020a4a6bc9a6a476d16972cb2a01c6291
- 9b8dcd2259b64f77cf7769e96f429c60566e42a9759642727ca91f3263bd4fc1
- e84270afa3030b48dc9e0c53a35c65aa
- 854512af19cba0d1048b9686e3383d9c5a05d316bb6d09cf2af7e93b5f587349
- e2bc2361ead7c80eba86a5d1c492865d
- d520d06d78afcad2e03842cb8db4622d18b92739e89dfb8dadf5743f30dcd903
- 8ad06a238ffaafb2ad6c314b8e0e8619838c01e0
- e10361a11f8a7f232ac3cb2125c1875a0a69a3e4
- c5591d6715ac344f77c25b0418ba4ff82cc565ff44e15466dcb6843b50469d42
- 60eeab87b414dcd1fa5ac8d816a30b19a32ea9dd83633fd0f26a9b7d01a7a6f2
- 40126b1b3c6f86194fc554cdba3cb5d3
- 8d0aed65308fc15f13ab3887739948c9559b9559c9c9a46c12730fd0c825ffe9
- 7007cf53bcd0083baba202d8ac2d9070
- e1b147aa2efa6849743f570a3aca8390faf4b90aed490a5682816dd9ef10e473
- 59bb8cbd471bd6598c8bf830fa9f90574e8b1bae59d90d379dfd91b1390f7a33
- 88169b1d4778ed6c5fda97375efb5b9171ea52649c8715bb449801c39bce4ad4
- 7310d6399683ba3eb2f695a2071e0e45891d743b
- 40df05b4f04ad093b31c9ca07a559be56a700e49f6051b5cb7462db5f85be8c3
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for dragonforce
CVE-2025-6264
CVE-2025-59287
CVE-2025-47176
CVE-2025-47171
CVE-2024-57728
CVE-2024-57727
CVE-2024-57726
CVE-2024-55591
CVE-2024-40766
CVE-2024-37085
CVE-2024-21893
CVE-2024-21887
CVE-2024-21762
CVE-2024-21412
CVE-2024-1709
CVE-2024-1708
CVE-2023-46805
CVE-2023-27997
CVE-2023-20269
CVE-2021-44228
CVE-2021-35464
CVE-2015-2291
Discovery
T1083
File and Directory Discovery
Execution
T1005.002
User Execution
Impact
T1486
Data Encrypted for Impact
Victims(200)
| Company | Domain | Country | Industry | Status | Discovered | |
|---|---|---|---|---|---|---|
| Synex International Pvt Ltd | synexint.com | LK Sri Lanka | Energy & Utilities | Claimed | 2 days ago | |
| Panorama BPO | panoramabpo.com | PH Philippines | Professional Services | Claimed | 2 days ago | |
| Taos Mountain Casino | taosmountaincasino.com | US United States | Hospitality | Claimed | 2 days ago | |
| Henry Molded Products Likely to Engage tag. | henry-molded.com | US United States | Manufacturing | Claimed | 5 days ago | |
| Shoreline Sightseeing | shorelinesightseeing.com | US United States | Hospitality | Claimed | 5 days ago | |
| President Container Group | presidentcontainer.com | SG Singapore | Transportation | Claimed | 7 days ago | |
| ksmart.ca | ksmart.ca | CA Canada | Retail & E-Commerce | Claimed | 7 days ago | |
| wsm.co.uk | wsm.co.uk | GB United Kingdom | Professional Services | Claimed | 7 days ago | |
| northbridge.com | northbridge.com | CA Canada | Technology | Claimed | 7 days ago | |
| dunasgroen.nl | dunasgroen.nl | NL Netherlands | Other | Claimed | 7 days ago | |
| refreshmentsystems.co.uk | refreshmentsystems.co.uk | GB United Kingdom | Retail & E-Commerce | Claimed | 7 days ago | |
| practicus.co.uk | — | GB United Kingdom | Professional Services | Unknown | 7 days ago | |
| nemd.com | nemd.com | NE Niger | Technology | Claimed | 7 days ago | |
| pieralisi.com | pieralisi.com | IT Italy | Other | Claimed | 7 days ago | |
| jcripberger.com | jcripberger.com | DE Germany | Other | Claimed | 7 days ago | |
| profundo.nl | profundo.nl | NL Netherlands | Education | Claimed | 7 days ago | |
| waypointsolutions.com | waypointsolutions.com | US United States | Professional Services | Claimed | 7 days ago | |
| erh.co.uk | erh.co.uk | GB United Kingdom | Professional Services | Claimed | 7 days ago | |
| fabbricausa.com | fabbricausa.com | US United States | Manufacturing | Claimed | 7 days ago | |
| Ramos Rheumatology | ramosrheumatology.com | US United States | Healthcare | Claimed | 7 days ago |
Page 1 of 10
Affected countries(69)
Countries where this group has been reported to target or leak victims.
🇦🇪United Arab Emirates🇦🇷Argentina🇦🇹Austria🇦🇺Australia🇧🇩Bangladesh🇧🇪Belgium🇧🇬Bulgaria🇧🇷Brazil🇨🇦Canada🇨🇭Switzerland🇨🇱Chile🇨🇳China🇨🇴Colombia🇨🇷Costa RicaCuraçao🇨🇾Cyprus🇨🇿Czech Republic🇩🇪Germany🇩🇰Denmark🇩🇴Dominican Republic🇪🇬Egypt🇪🇸Spain🇫🇮Finland🇫🇷France🇬🇧United Kingdom🇬🇷Greece🇬🇹Guatemala🇭🇰Hong Kong🇭🇺Hungary🇮🇩Indonesia🇮🇪Ireland🇮🇱IsraelIsle of Man🇮🇳India🇮🇶Iraq🇮🇹Italy🇯🇲Jamaica🇯🇵Japan🇱🇧Lebanon🇱🇰Sri Lanka🇱🇺Luxembourg🇲🇳Mongolia🇲🇽Mexico🇲🇾Malaysia🇳🇪Niger🇳🇬Nigeria🇳🇱Netherlands🇳🇴Norway🇳🇿New Zealand🇵🇦Panama🇵🇪Peru🇵🇭PhilippinesPuerto RicoPalestine, State of🇵🇹Portugal🇵🇼PalauRussian Federation🇸🇦Saudi Arabia🇸🇪Sweden🇸🇬Singapore🇸🇰Slovakia🇸🇳Senegal🇹🇭Thailand🇹🇷TurkeyTaiwan, Province of China🇺🇦Ukraine🇺🇸United States🇻🇳Vietnam🇿🇦South Africa