In a noteworthy development, DragonForce Ransomware, the group behind the recent cyber assault on UK retailer Marks & Spencer, has issued an unusual public request. They are urging other hacking entities to steer clear of attacking businesses based in Russia and countries that were part of the former Soviet Union.
This appeal raises questions about DragonForce’s potential affiliations or financial support from the Russian state or its neighboring nations. By discouraging cyberattacks on these territories, the group seems to position itself as a protector of companies within this region, seeking to maintain the integrity of technology use.
Furthermore, in a statement, DragonForce clarified its approach by disclosing that it had deleted all personal data extracted from Co-op’s servers. They asserted a commitment to extortion without data destruction, emphasizing that deleting critical business information can lead to irreparable damage, affecting company viability.
Cybersecurity analysts indicate that DragonForce has targeted approximately 90 organizations across diverse sectors and has explicitly warned rival factions, including Scattered Spider, against compromising networks in Russia. This action is unprecedented, as it marks the first instance of a hacking group establishing operational boundaries among its peers.
According to reports from The Observer, DragonForce has been implicated in over 167 attacks spanning 32 countries, with 87 incidents in the United States, 17 in the UK, eight each in Australia and Italy, and five in Canada. This shift in behavior among cybercriminal networks suggests a more organized and territorial approach, indicating heightened competition within the underground hacking sphere.
While the motivations behind DragonForce’s explicit warning to Scattered Spider remain speculative, the group’s cartel-like structure raises the possibility of ties to Russian governmental interests or intelligence entities under President Putin’s administration.
Utilizing the MITRE ATT&CK framework, potential tactics employed by DragonForce in this attack may include initial access techniques such as phishing and exploitation of remote services, as well as persistence strategies through the installation of malware designed to maintain control over the targeted systems.
As cyber threats continue to evolve, this latest incident underscores the necessity for business owners to remain vigilant and informed about emerging vulnerabilities and the shifting dynamics within the cybercriminal landscape.
Ad
