|Category: Adversary Intelligence||Threat Type: Latest Attack||Motivation: Hacktivist||Region: India||Source*: D4|
- On 23 June 2022, DragonForce Malaysia published a post on their Telegram channel, sharing a PoC for the exploit for Windows Server LPE and LDR vulnerabilities. The group has attributed a threat actor named “impossible1337” for the same.
- The group also mentioned their plans of converting to a ransomware group and shared a sample ransom note as proof.
- On the same day, the group published a blog on their official website, thereby announcing their plans to conduct mass spreading and ransomware attacks. Following their blog post, a significant amount of chatter was observed on Twitter, which received a lot of criticism.
- Previously, DragonForce was seen discussing an exploit for a critical unauthenticated remote code execution vulnerability present in Confluence Server and Data Center, CVE-2022-26134, in order to actively target and exploit Indian entities. (For more information refer to the Appendix section)
- On 10 June 2022, CloudSEK’s contextual AI digital risk platform XVigil discovered a Tweet posted by a Malaysian hacktivist group going by the name DragonForce, calling for attacks on Indian Government websites by Muslim hackers all around the world.
- The group’s primary objective of the attack, as claimed by them, was to get back at the Indian Government for controversial comments on Prophet Muhammad by some Indian politicians.
- The group behind this cyber call to arms, DragonForce Malaysia, is a pro-Palestinian hacktivist group based in Malaysia.
- This group owns and operates a forum where they post announcements and discuss their latest activities.
- The group also has Instagram and Facebook pages along with multiple Telegram channels. However, most content is replicated across their website and social media handles.
- The group has been conducting regular recruitment and promotion campaigns using Tiktok and Instagram reels.
- *Intelligence source and information reliability - Wikipedia
- #Traffic Light Protocol - Wikipedia
- Tweet by DragonForce
- CloudSEK’s report on CVE-2022-26134