Home Threat actors DragonForce DragonForce is a hacktivist group based in Malaysia that has been involved in cyberattacks targeting government institutions and commercial organizations in India. They have also targeted websites affiliated with Israel and have shown support for pro-Palestinian causes. The group has been observed using defacement attacks, distributed denial-of-service attacks, and data leaks as part of their campaigns. DragonForce Malaysia has demonstrated an ability to adapt and evolve their tactics over time.
References
Actor metadata imported from Malpedia (Fraunhofer FKIE).
Related incidents
null was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-18.
Victim null
architekturbuero-heller.de was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-13.
Victim architekturbuero-heller.de
thaonlesvosges.fr was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-13.
Victim thaonlesvosges.fr
www.colemanmaterials.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-13.
Victim www.colemanmaterials.com
altara.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.
Victim altara.com
atlplasticsurgeon.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.
Victim atlplasticsurgeon.com
iacc.holdings was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.
Victim iacc.holdings
industrialdynamics.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.
Victim industrialdynamics.com
jtalleycorp.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.
Victim jtalleycorp.com
net-move.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.
Victim net-move.com
southernavionics.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.
Victim southernavionics.com
www.condista.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.
Victim www.condista.com
www.dermatologysolutions.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.
Victim www.dermatologysolutions.com
www.philsmithauto.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.
Victim www.philsmithauto.com
dac-law.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.
Victim dac-law.com
kraftkisarna.se was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.
Victim kraftkisarna.se
millercaggiano.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.
Victim millercaggiano.com
ossman.co.uk was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.
Victim ossman.co.uk
pratthomes.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.
Victim pratthomes.com
pryor-morrow.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.
Victim pryor-morrow.com
stitaly.it was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.
Victim stitaly.it
www.harrissteelco.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.
Victim www.harrissteelco.com
www.irisid.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.
Victim www.irisid.com
www.precisiontextiles-usa.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.
Victim www.precisiontextiles-usa.com
www.setpointsystems.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.
Victim www.setpointsystems.com
www.texlaenergy.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.
Victim www.texlaenergy.com
citrusmagic.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-10.
Victim citrusmagic.com
statesmanbiz.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-10.
Victim statesmanbiz.com
www.cityofgroveok.gov was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-10.
Victim www.cityofgroveok.gov
Social-engineering of a third-party service desk gave Scattered Spider a domain administrator, which they used to deploy DragonForce ransomware on M&S's VMware ESXi estate at Easter 2025 — knocking out contactless payments, Click & Collect, and online ordering for over six weeks.
Victim Marks & Spencer
Loss $550.0M