FlagThis

The DragonForce ransomware group is actively targeting Saudi Arabian organizations, marking a concerning escalation of cyber threats in the region. Resecurity reports that DragonForce has successfully attacked a prominent real estate and construction company located in Riyadh. This marks the first time the ransomware group has successfully breached a major enterprise in Saudi Arabia.

Resecurity's investigation revealed that DragonForce is actively targeting critical infrastructure with the intent of exfiltrating sensitive data and disrupting operations. The attack on the real estate giant resulted in the theft of over 6 terabytes of sensitive data. The group demanded a ransom payment prior to Ramadan, and once the ransom was not paid, they leaked stolen data to the public, including confidential client and operational documents.

ImgSrc: s3.talkback.sh

References :

• gbhackers.com: DragonForce Attacks Critical Infrastructure to Exfiltrate Data and Halt Operations
• securityaffairs.com: DragonForce Ransomware group is targeting Saudi Arabia
• The420.in: DragonForce Targets Saudi Real Estate Giant: Resecurity Report
• Talkback Resources: DragonForce Ransomware Group Targets Saudi Arabia with Large-Scale Data Breach [exp] [mal]
• Talkback Resources: Talkback.sh summarizes DragonForce Ransomware Group Targets Saudi Arabia with Large-Scale Data Breach

Classification:

• HashTags: #Ransomware #DragonForce #SaudiArabia
• Company: Resecurity
• Target: Saudi Arabia
• Attacker: DragonForce
• Product: Ransomware
• Feature: data exfiltration
• Malware: DragonForce
• Type: Ransomware
• Severity: Major