DragonForce Cartel Emerges From The Leaked Source Code Of Conti V3...

DragonForce, a ransomware-as-a-service operation active since 2023, has dramatically evolved into what researchers now describe as a structured cybercriminal cartel, leveraging the publicly leaked Conti v3 source code to establish a formidable threat infrastructure.

The group initially relied on the LockBit 3.0 builder for developing encryptors before transitioning to a customized Conti v3 codebase, giving it significant operational advantages and technical capabilities that rival established ransomware operations.

The transition marked a turning point in DragonForce’s evolution. Rather than operating as a traditional ransomware group, the organization rebranded itself as a cartel in early 2025, fundamentally changing how it conducts business.

This shift enables affiliates to white-label payloads and create their own branded variants while maintaining operational independence under DragonForce’s infrastructure umbrella.

By offering affiliates 80 percent of profits, the cartel structure removes technical barriers to entry and incentivizes recruitment of new operators.

The group now provides comprehensive tools including automated deployment systems, customizable encryptors, reliable infrastructure with 24/7 monitoring, and support for multiple platforms spanning Windows, ESXi, Linux, BSD, and NAS systems.

Acronis researchers and threat analysts identified that DragonForce employs sophisticated attack methodologies alongside Scattered Spider, a financially motivated initial access broker specializing in social engineering and multi-factor authentication bypass tactics.

Scattered Spider conducts reconnaissance on target employees through social media and open-source intelligence, crafting convincing pretexts to orchestrate phishing campaigns and voice phishing attacks.

Once credentials are compromised, the group deploys remote monitoring tools like ScreenConnect and AnyDesk to establish persistence, then conducts extensive network reconnaissance focusing on backup infrastructure, credential repositories, and VMware environments.
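
A defender-side check for the remote monitoring tool step described above, as an added example that is not from the article or from the researchers it cites: it flags the first execution of AnyDesk or ScreenConnect on a host outside an approved inventory, and raises severity when the binary runs from a user-writable directory. The executable names, the inventory, the directory list and the log events are assumptions constructed for illustration.

```python
import json
from pathlib import PureWindowsPath

# Assumed executable names for the two tools the article names.
RMM_IMAGES = {
    "anydesk.exe": "AnyDesk",
    "screenconnect.clientservice.exe": "ScreenConnect",
    "screenconnect.windowsclient.exe": "ScreenConnect",
}
# Hypothetical inventory: hosts where IT has approved each tool.
APPROVED = {"AnyDesk": set(), "ScreenConnect": {"HELPDESK-01"}}
# Running from a user-writable directory suggests a user-dropped copy.
USER_WRITABLE = ("\\appdata\\", "\\downloads\\", "\\temp\\", "\\users\\public\\")

# Constructed process-creation events, one JSON object per line.
SAMPLE_EVENTS = r"""
{"ts":"2025-01-10T09:02:11Z","host":"HELPDESK-01","user":"svc_it","image":"C:\\Program Files (x86)\\ScreenConnect Client (0000)\\ScreenConnect.ClientService.exe"}
{"ts":"2025-01-10T13:41:05Z","host":"FIN-WS-07","user":"j.doe","image":"C:\\Users\\j.doe\\Downloads\\AnyDesk.exe"}
{"ts":"2025-01-10T13:44:52Z","host":"FIN-WS-07","user":"j.doe","image":"C:\\Users\\j.doe\\Downloads\\AnyDesk.exe"}
{"ts":"2025-01-10T14:03:30Z","host":"BACKUP-SRV-02","user":"SYSTEM","image":"C:\\Program Files (x86)\\ScreenConnect Client (0000)\\ScreenConnect.ClientService.exe"}
{"ts":"2025-01-10T14:05:00Z","host":"FIN-WS-07","user":"j.doe","image":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"}
"""

def find_unapproved_rmm(raw_events):
    """Return one finding per (host, tool) for RMM runs outside the inventory."""
    findings, seen = [], set()
    for line in raw_events.strip().splitlines():
        ev = json.loads(line)
        tool = RMM_IMAGES.get(PureWindowsPath(ev["image"]).name.lower())
        if tool is None or ev["host"] in APPROVED[tool]:
            continue
        if (ev["host"], tool) in seen:  # only the first execution is reported
            continue
        seen.add((ev["host"], tool))
        dropped = any(d in ev["image"].lower() for d in USER_WRITABLE)
        findings.append({"ts": ev["ts"], "host": ev["host"], "user": ev["user"],
                         "tool": tool, "severity": "high" if dropped else "medium"})
    return findings

if __name__ == "__main__":
    for finding in find_unapproved_rmm(SAMPLE_EVENTS):
        print(finding)
```

Matching on file name alone misses renamed binaries, so in practice this check is paired with signer or hash data from the same telemetry source.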

DragonForce’s technical sophistication distinguishes it from competing operations.

Source: Cybersecurity News