Group Profile: DragonForce
Perfil del grupo ransomware segun BushidoUK Ransomware Vulnerability Matrix. Incluye vulnerabilidades conocidas, herramientas y TTPs asociadas.
DragonForce's Exploited Vulnerabilities
> [!NOTE]
> This is the list of vulnerabilities that have been observed during intrusions that lead to DragonForce ransomware deployment or data exfiltration and leaks published to DragonForce's Tor Site
Pulse Secure / Ivanti
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| Ivanti Connect Secure | CVE-2024-21893 | DragonForce | trendmicro.com |
| Ivanti Connect Secure | CVE-2024-21887 | DragonForce | trendmicro.com |
| Ivanti Connect Secure | CVE-2023-46805 | DragonForce | trendmicro.com |
Fortinet
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| FortiOS & FortiProxy | CVE-2024-21762 | DragonForce | ccb.belgium.be |
| FortiOS & FortiProxy | CVE-2024-55591 | DragonForce | ccb.belgium.be |
SonicWall
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| SonicOS SSL-VPN | CVE-2024-40766 | DragonForce | ccb.belgium.be |
Windows
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| SmartScreen | CVE-2024-21412 | DragonForce | trendmicro.com |
Apache
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| Log4j | CVE-2021-44228 ("Log4Shell") | DragonForce | trendmicro.com |
SimpleHelp
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| SimpleHelp RMM | CVE-2024-57727 & CVE-2024-57728 | DragonForce | sophos.com |
---
#### Sources
| Date Published | Report |
|---|---|
| 27 May 2025 | https://news.sophos.com/en-us/2025/05/27/dragonforce-actors-target-simplehelp-vulnerabilities-to-attack-msp-customers/ |
| 29 October 2025 | https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-dragonforce |
| 29 April 2026 | https://ccb.belgium.be/open-media/1275/download?inline |