Skip links

Malaysia-linked DragonForce hacktivists attack Indian targets

A Malaysia-linked hacktivist group has attacked targets in India, seemingly in reprisal for a representative of the ruling Bharatiya Janata Party (BJP) making remarks felt to be insulting to the prophet Muhammad.

The BJP has ties to the Hindu Nationalist movement that promotes the idea India should be an exclusively Hindu nation. During a late May debate about the status of a mosque in the Indian city of Varanasi – a holy city and pilgrimage site – BJP rep Nupur Sharma made inflammatory remarks about Islam that sparked controversy and violence in India.

The threat groups have successfully filled the void left by Anonymous.

According to Indian threat intelligence vendor CloudSEK and US-based security and application delivery vendor Radware, Sharma’s remarks caught the attention of a Malaysia-linked group called DragonForce that has launched attacks against Indian targets and sought assistance from others to do likewise under the banner “#OpsPatuk”.

Radware’s take [PDF] on DragonForce is it’s “a known pro-Palestinian hacktivist group located in Malaysia and has been observed working with several threat groups in the past, including the T3 Dimension Team and ReliksCrew.”

“DragonForce Malaysia is not considered an advanced or a persistent threat group, nor are they currently considered to be sophisticated,” Radware’s analysts wrote. “But where they lack sophistication, they make up for it with their organizational skills and ability to quickly disseminate information to other members.”

Those skills extend to Twitter, where DragonForce is assumed to be the entity behind the following missive that calls for others to join its attacks on India and lists targets in sectors including logistics, education, web hosting, and software:

CloudSEK concurs with Radware’s analysis that DragonForce relies on widely available DDoS tools and suggests a DragonForce forum member launched DDoS attacks against the BJP website, and shared credentials that offer access to social media accounts and bank accounts.

Radware has watched DragonForce achieve multiple site defacements as part of this campaign. CloudSEK says it’s seen the group target hosting providers, deploy ransomware, and conduct phishing campaigns using SMS and WhatsApp.

DragonForce’s Twitter feed suggests it has enjoyed considerable success. And FWIW The Register yesterday struggled to reach Indian government websites for several hours.

This incident is more than a local skirmish. Radware rates DragonForce’s forums as a source of information on how to exploit vulnerabilities such as Atlassian’s critical Confluence bug.

“Over the last year, DragonForce Malaysia and its associates have launched several campaigns,” Radware’s researchers wrote, adding: “The threat groups, in combination, have successfully filled the void left by Anonymous while remaining independent during the resurgence of hacktivists relating to the Russian/Ukrainian war.” ®