In retaliation for divisive remarks by a BJP spokesperson, the Malaysian hacktivist collective DragonForce Malaysia turned its attention to India. The operation, named OpsPatuk, was launched on June 6, 2022. At the time of writing it has hit more than 102 websites, and the group continues to promote it on Twitter and Telegram and on its own DragonForce website.
Government agencies, educational institutions, and financial institutions are among the most frequently targeted sectors. The group has also urged other hackers to join its anti-India operation.
So far, DragonForce Malaysia and its followers have relied mainly on the following methods:
- Denial of service: As in earlier operations, DragonForce Malaysia recruits participants with well-designed advertisements listing the targets, announced on the DragonForce Malaysia forum and on social media. The group typically announces its denial-of-service attacks less than 24 hours in advance, leaving defenders little time to prepare. As the operation develops, targets should also expect surprise attacks from "lone wolves" on top of the announced ones. DragonForce Malaysia is neither an advanced persistent threat nor currently regarded as sophisticated, but it makes up for that with its ability to organize and to share information among its members. During #OpsPatuk, participants have used DragonForce Malaysia's usual denial-of-service toolkit, including Slowloris, DDoSTool, DDoS-Ripper, Hammer, and other scripts readily available in open-source repositories such as GitHub. The group has not yet been observed using IoT botnets, but that remains a possibility.
- Defacement: Since the campaign's launch on June 10, Radware has observed and verified several defacements by DragonForce Malaysia and its allies across India. The defacements assert that India mistreats its Muslim community and that Nupur Sharma, a BJP spokesperson, insulted the Prophet Muhammad. In them, DragonForce Malaysia claims it will ultimately defeat India, without specifying what that end state would be.
- Data leaks: Since the start of the campaign, DragonForce Malaysia has made numerous claims of data leaks. Such leaks are often hard to authenticate and to trace back to their source. So far the group has claimed to have compromised and exposed data from numerous Indian databases belonging to government organizations, financial institutions, academic institutions, service providers, and universities.
- Attacking VPN gateways and using stolen credentials
- Exploiting vulnerabilities in web applications
- Exploiting the recently disclosed Atlassian Confluence vulnerability (CVE-2022-26134)
The group has also published private information belonging to a number of organizations on its official website.
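The denial-of-service tooling listed above is low-volume by design: Slowloris, for example, opens many connections and sends a few header bytes every several seconds so each socket stays open without ever completing a request. That makes it invisible to bandwidth-based thresholds but easy to spot behaviorally. The following added example (not code from the original article, and not tooling from Radware or DragonForce) shows that kind of detection over a constructed snapshot of open connections; the `Conn` record, the thresholds, and the sample IP addresses are assumptions chosen for illustration.

```python
"""Behavioral detection of Slowloris-style slow-header connections.

Added example, not from the original article. It assumes a per-connection
record such as a reverse proxy or connection tracker could export: source IP,
time the socket was accepted, bytes of HTTP headers received so far, and
whether the request line and headers were ever completed.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Conn:
    """One connection to the web tier (hypothetical record format)."""
    src_ip: str
    opened_at: float    # epoch seconds when the socket was accepted
    header_bytes: int   # bytes of request line + headers received so far
    complete: bool      # True once the terminating blank line arrived


def is_slow_header_conn(c: Conn, now: float, min_age: float, max_rate: float) -> bool:
    """A connection is suspicious if its headers are still incomplete after
    min_age seconds and have trickled in at no more than max_rate bytes/s.
    A browser on a poor link still finishes its headers in one or two
    segments; a Slowloris client deliberately sends a few bytes every
    10-15 seconds, so its byte rate stays near zero for minutes."""
    if c.complete:
        return False
    age = now - c.opened_at
    if age < min_age:
        return False
    return c.header_bytes / age <= max_rate


def slowloris_suspects(conns, now, *, min_age=30.0, max_rate=10.0, min_conns=20):
    """Return {src_ip: count} for sources holding at least min_conns slow,
    incomplete connections at time `now`. Counting per source IP is what
    separates an attacker from a single stalled legitimate client."""
    held = defaultdict(int)
    for c in conns:
        if is_slow_header_conn(c, now, min_age, max_rate):
            held[c.src_ip] += 1
    return {ip: n for ip, n in held.items() if n >= min_conns}


# Constructed sample snapshot (not real traffic), taken at NOW.
NOW = 1_000_000.0
SAMPLE = (
    # attacker: 40 sockets opened two minutes ago, ~60 header bytes each, never finished
    [Conn("198.51.100.7", NOW - 120, 60, False) for _ in range(40)]
    # normal client: three completed requests and one that just started
    + [Conn("203.0.113.5", NOW - 3, 410, True) for _ in range(3)]
    + [Conn("203.0.113.5", NOW - 1, 120, False)]
    # a slow but legitimate mobile user: one stalled connection, below min_conns
    + [Conn("192.0.2.9", NOW - 60, 40, False)]
)

if __name__ == "__main__":
    print(slowloris_suspects(SAMPLE, NOW))  # {'198.51.100.7': 40}
```

The per-IP count is deliberately the last filter: lowering `min_conns` to 1 would also flag the single stalled mobile user, which is the false positive a rate-only rule produces. In practice the output feeds a short-lived block or a connection cap on the proxy rather than a permanent deny list, since the announced targets change from one operation to the next.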
DragonForce Malaysia also operates a forum. Tens of thousands of people frequent it today, and discussions range from starting an eSports team to carrying out cyberattacks. Forum users earn social credit and DragonCoins for the information and expertise they share with the wider community.
CVE-2022-26134: Atlassian Confluence remote code execution (RCE)
In a security advisory published on June 3, 2022, Atlassian disclosed a zero-day vulnerability affecting both Confluence Server and Confluence Data Center. The flaw is an OGNL injection reachable through a crafted request URI; an unauthenticated attacker can use it to execute arbitrary code on a vulnerable Confluence Server or Data Center instance.
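Because the injection travels in the request URI, exploitation attempts leave a trace in ordinary web-server access logs: the decoded path contains OGNL expression markers such as `${`, which never appear in legitimate Confluence URLs. The following added example (not code from the original article or from Atlassian) scans combined-format access log lines for that pattern. The log lines are constructed, the IP addresses are documentation ranges, and the marker list and the decision to URL-decode repeatedly are defensive choices made here, not part of the vulnerability's definition.

```python
"""Scan web access logs for CVE-2022-26134 (Confluence OGNL injection) attempts.

Added example, not from the original article. Assumes Apache/nginx combined
log format in front of Confluence; the sample lines below are constructed.
"""
import re
from urllib.parse import unquote

# host ident user [time] "METHOD TARGET PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Substrings that indicate an OGNL expression in the request target.
# "${" is the essential one; the others catch the usual Runtime.exec payloads.
OGNL_MARKERS = ("${", "#{", "@java.lang.", "getRuntime()")


def fully_decode(s: str, rounds: int = 3) -> str:
    """URL-decode until the string stops changing (bounded), so a scanner that
    double-encodes the payload cannot hide the marker from this check."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def is_ognl_injection(target: str) -> bool:
    """True if the decoded request target carries an OGNL expression marker."""
    decoded = fully_decode(target)
    return any(marker in decoded for marker in OGNL_MARKERS)


def scan_access_log(lines):
    """Return (ip, method, decoded_target, status) for each matching line.
    A 2xx/3xx status on a hit means the request reached the application;
    pair it with host-level checks for child processes spawned by Confluence."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        if is_ognl_injection(m["target"]):
            hits.append((m["ip"], m["method"], fully_decode(m["target"]), int(m["status"])))
    return hits


# Constructed sample log (not real traffic).
SAMPLE_LOG = [
    # single-encoded OGNL payload in the path: ${@java.lang.Runtime@getRuntime().exec("id")}
    '198.51.100.23 - - [10/Jun/2022:14:02:11 +0000] "GET /%24%7B%40java.lang.Runtime%40getRuntime%28%29.exec%28%22id%22%29%7D/ HTTP/1.1" 302 0 "-" "curl/7.79.1"',
    # ordinary Confluence page view with an encoded query parameter
    '203.0.113.8 - - [10/Jun/2022:14:02:15 +0000] "GET /display/ENG/Release+Notes?preview=%2F123%2Fdoc.pdf HTTP/1.1" 200 8421 "-" "Mozilla/5.0"',
    # same payload, double-encoded by a scanner
    '198.51.100.23 - - [10/Jun/2022:14:02:19 +0000] "GET /%2524%257B%2540java.lang.Runtime%2540getRuntime%2528%2529.exec%2528%2522id%2522%2529%257D/ HTTP/1.1" 302 0 "-" "python-requests/2.27"',
    # login POST, benign
    '203.0.113.8 - - [10/Jun/2022:14:03:01 +0000] "POST /dologin.action HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
```

Logging is the detection, not the fix: hosts that logged a hit with a non-error status should be treated as potentially compromised and examined for persistence, and the only real remediation is patching to the fixed Confluence versions or applying Atlassian's published mitigation.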
Over the past year, members of the DragonForce Malaysia forum have shown both the capacity and the ambition to develop into a far more sophisticated threat group. Forum users regularly contribute knowledge and learning material to advance other members' skills. During both #OpsBedilReloaded and #OpsPatuk, users have shared material on scanning and discovery, specifically how to use Google Dorking to find vulnerable targets, how to download and set up simple denial-of-service scripts, and, most recently, how to use published exploits against their victims.
Causes for Worry
Over the past year, DragonForce Malaysia and its partners have run several campaigns against targets in the Middle East and Asia. Together, these groups have effectively filled the gap left by Anonymous, while continuing to operate independently of the hacktivist revival around the Russia/Ukraine war.
In the past year, DragonForce Malaysia and its partners have shown that they can adapt to a changing threat landscape. Although denial-of-service attacks and defacement remain the group's main tactics, it has recently shown that it can quickly weaponize freshly published exploits. Further reactionary campaigns driven by the group's social, political, and religious beliefs should be expected in the near future.
ESSENTIALS FOR EFFECTIVE DDOS PROTECTION
- Hybrid DDoS protection: on-premise and cloud-based DDoS protection that handles high-volume attacks and prevents pipe saturation, for real-time attack prevention
- Real-time signature creation: behavior-based detection that quickly and accurately identifies and blocks anomalies while letting legitimate traffic through, protecting against unknown threats and zero-day attacks as early as possible
- A cyber-security emergency response plan, backed by intelligence on active threat actors (high-quality, correlated, processed data for preventive protection against currently active known attackers) and a dedicated emergency response team experienced in IoT botnet outbreaks
ESSENTIALS OF EFFECTIVE WEB APPLICATION SECURITY
- Complete protection against the OWASP Top 10, including the injection flaws behind many defacements
- Low false-positive rate and high accuracy through combined negative and positive security models
- Automatic policy generation for the broadest coverage with the least operational effort
- Device fingerprinting and bot mitigation to detect and defeat attacks that rotate source IP addresses
- Enhanced bot detection and blocking
- API protection through path filtering, XML and JSON schema enforcement, and activity monitoring
- Tracking tools to identify bots and protect internal resources
- Flexible deployment options: on-premise, off-path, virtual, or cloud-based
The essentials above should be kept in mind when securing any organization's cyber ecosystem. Anti-state actors such as DragonForce are the new face of cyber threats. As the nation moves deeper into the cyber age, such threats will grow, so it is essential to detect and neutralize these attacks as quickly as possible; otherwise the cyber ecosystem will remain permanently under threat.
Author – Mr. Shrey Madaan, Research Associate, CyberPeace Foundation