TOTAL ATTACKS: 36
REPORTS APPEARED IN: 1
GLOBAL RANK: #7
ATTACK SHARE: 4.7%
DragonForce operates as a mid-tier ransomware operation with 36 attacks this period, with focused targeting of construction and technology companies across the US, Turkey, France, Canada, and the UK. The group follows a streamlined attack chain: exploitation of public-facing applications (T1190), followed by credential dumping (T1003) and RDP-based lateral movement (T1021.001). Their technical approach emphasizes speed over sophistication, using exfiltration over C2 channels (T1041) to rapidly steal sensitive data before deploying ransomware payloads. DragonForce's geographic distribution and sector targeting suggest the group may be operating with regional affiliates who have specific cultural and linguistic expertise in Turkish and European markets, which would allow them to negotiate more effectively with victims and to understand local business practices.