DragonForce Ransomware Group is Targeting Saudi Arabia
Essential information
- Published
- 27/02/2025 19:28
- Modified
- 28/02/2025 09:55
- Tags
- 2025-02-27 construction dark web dragonforce raas ransomware real estate saudi arabia
- Related entities
- 5 vulnerabilities (cve), 17 observables, 1 intrusion sets (apt), 10 techniques (mitre), 1 malware, 3 others
Description
DragonForce ransomware has targeted organizations in Saudi Arabia, with a significant data leak from a Riyadh real estate and construction company. The group exfiltrated over 6 TB of data, setting a deadline just before Ramadan. DragonForce operates on a RaaS model, offering high commission rates for affiliates and supporting various platforms. They use advanced techniques, including a customized CAPTCHA filter and encrypted communications. The group's builder offers flexibility in payload configuration, and they leverage legitimate tools for file transfers. DragonForce employs a dual extortion strategy and has been observed using specific CVEs for network infiltration. The targeting of Saudi Arabia raises concerns about critical infrastructure security in the region.