DragonForce / Hackledorb pivots from RaaS to a formalized cartel structure
Threat Actor Meta
Summary
Hackledorb has pivoted DragonForce from a conventional ransomware-as-a-service (RaaS) model into a formalized cartel structure, signaling a more organized and durable adversary ecosystem. The shift raises the group's ability to scale operations, coordinate affiliates, and sustain pressure against enterprise victims while blending ransomware with stealthier post-compromise tradecraft.
Related Happenings
Major U.S. services company hit by ransomware attack linked to DragonForce
Incident
H score: 38
First: 16.06.2026 13:18
Last: 16.06.2026 13:18
Sources: 1
How related:
The backdoor was deployed against a major U.S. services firm. The name of the company was not disclosed.
About this happening:
A **DragonForce ransomware** incident hit a **major U.S. services firm** in **December 2025**, with attackers maintaining access for **one to two months** and hiding **command-and...
Silent Ransom Group shifts from Conti-linked ransomware participation to standalone data-theft extortion
Threat Actor Meta
H score: 21
First: 07.06.2026 17:09
Last: 07.06.2026 17:09
Sources: 1
About this happening:
**Silent Ransom Group (UNC3753)** is a **standalone data-theft extortion** actor that has operated separately since **2022** after the **Conti** shutdown, using stolen data and le...
Fake IT support Havoc campaign
Campaign
H score: 32
First: 03.03.2026 19:15
Last: 03.03.2026 19:15
Sources: 1
About this happening:
A **fake IT support** campaign is using **email spam**, phone-based social engineering, and **Havoc C2** to gain initial access, putting targeted organizations at risk of **data e...
DragonForce shifts ransomware-as-a-service into a cartel-style affiliate umbrella
Threat Actor Meta
H score: 38
First: 05.02.2026 00:14
Last: 05.02.2026 00:14
Sources: 1
About this happening:
**DragonForce** has shifted into a **cartel-style ransomware-as-a-service model**, letting affiliates launch their own brands while sharing a common umbrella. That change expands...
Storm-0249 tax-themed phishing campaign targeting U.S. users
Campaign
H score: 29
First: 09.12.2025 15:37
Last: 09.12.2025 15:37
Sources: 1
About this happening:
**Storm-0249** ran a **tax-themed phishing campaign** against **U.S. users** ahead of the **tax filing season**, expanding access opportunities for downstream abuse. The operation...
Timeline
- 18.06.2026 16:30 · 2 articles · 3h ago
Hackledorb pivots DragonForce from RaaS to a formalized cartel structure
Attribution Update: Hackledorb, the threat actor behind DragonForce, has moved the group from a conventional ransomware-as-a-service model into a highly organized, formalized cartel structure, indicating a more durable and coordinated ransomware operating model.
Sources:
- DragonForce Hackers Abuse Microsoft Teams Relays to Hide Backdoor.Turn C2 Traffic — thehackernews.com — 18.06.2026 16:30