Today, Radware released an advisory about a new DragonForce Malaysia cyberattack campaign called “OpsPatuk.” DragonForce is a known pro-Palestinian hacktivist group located in Malaysia.
Key Highlights
- Launched on June 10, 2022, OpsPatuk started attacking numerous organizations and government resources in India with defacements, denial-of-service attacks, and data leaks. The operation is still ongoing today.
- The OpsPatuk hacktivist campaign is in direct response to the controversial statements made by India’s Bharatiya Janata Party spokesperson Nupur Sharma condemning the Prophet Muhammad. The defacements claim that Sharma insulted the Prophet Muhammad and that the country abuses its Muslim population.
- In addition to DragonForce Malaysia scanning, defacing, and launching DDoS attacks against numerous websites in India, more advanced threat actors are leveraging current exploits, breaching networks, and leaking data.
- DragonForce Malaysia claims to have breached and leaked data from various government agencies, financial institutions, universities, service providers, and several Indian databases.
- Over the last year, members of the DragonForce Malaysia forum have demonstrated the ability and desire to evolve into a highly sophisticated threat group. Forum members constantly share information and educational resources that help other hacktivists evolve.
- Threat actors launching denial-of-service attacks during OpsPatuk have been leveraging DragonForce Malaysia’s standard toolset, including but not limited to Slowloris, DDoSTool, DDoS-Ripper, Hammer, and several other scripts generally found in open source repositories, such as GitHub.
Reasons for Concern
Over the last year, DragonForce Malaysia and its associates have launched several campaigns targeting government agencies and organizations across the Middle East and Asia. Together, the threat groups have successfully filled the void left by Anonymous while remaining independent during the resurgence of hacktivists related to the Russian/Ukrainian war.
DragonForce Malaysia and its associates have proven their ability to adapt and evolve with the threat landscape. Radware expects DragonForce Malaysia to continue launching new reactionary campaigns based on their social, political, and religious affiliations in the foreseeable future.
Daniel Smith, head of research for Radware’s cyber threat intelligence division, summarizes the situation like this: “DragonForce Malaysia is adding to a year that will long be remembered for geopolitical unrest. Over the last three months, DragonForce Malaysia and their associates have launched several campaigns targeting numerous government agencies and organizations across the Middle East and Asia. In combination with other hacktivists, the threat group has successfully filled the void left by Anonymous while remaining independent during the resurgence of hacktivists related to the Russian/Ukrainian war.
“Their current campaign against India, OpsPatuk, has already seen several government agencies and organizations across the country targeted by data leaks and denial-of-service attacks, with the number of defacements topping one hundred websites.
“DragonForce Malaysia is expected to continue defining and launching new reactionary campaigns based on their social, political, and religious affiliations for the foreseeable future. The recent operations by DragonForce Malaysia, OpsBedil Reloaded and OpsPatuk, should remind organizations worldwide that they should remain vigilant during these times and aware that threats exist outside the current cyber conflict in Eastern Europe.”