Hacktivist group DragonForce Malaysia has been observed using a Confluence exploit that may lead to ransomware attacks. The exploit is being used to carry out Local Distribution Router (LDR) and Local Privilege Escalation (LPE) actions on Windows servers.

DragonForce Malaysia

Researchers from CloudSEK have presented a PoC video and provided further analysis in an advisory. The exploited flaw, which exists in Confluence, is tracked as CVE-2022-26134.
  • The researchers first spotted a post on a Telegram channel in which a video explaining the exploit was shared.
  • The hacktivist group from Malaysia published the post on June 23 and linked it to a threat actor dubbed Impossible1337.

Additionally, the group posted a blog on its official website announcing plans to launch widespread ransomware attacks, with a focus on India.

More information

  • In the posted video, DragonForce Malaysia announced plans to convert itself into a ransomware group.
  • The group then reposted the claims on other social media channels and websites as well.

Mitigation

Institutions and firms are advised to patch their Windows servers by updating all software to the latest available version, or to apply the latest workarounds made available by the respective vendors. Further, admins are advised to audit their networks and monitor them for anomalies.
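As an added example of the monitoring this advice calls for (it is not code from the page, from CloudSEK or from Cyware), the Python script below scans web-server access logs for the marker that CVE-2022-26134 exploitation leaves behind. It assumes that the flaw is exploited by placing an OGNL expression (`${...}`) in the request URI, possibly URL-encoded one or more times; the log lines are constructed for the example, and the log format, status codes and IP addresses are not from the page.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample access-log lines in a common combined-log layout.
# Two requests carry an OGNL-style "${...}" expression in the path, one of them
# URL-encoded; the other two are ordinary Confluence page requests.
SAMPLE_LOG = """\
10.0.0.5 - - [23/Jun/2022:10:01:02 +0000] "GET /login.action HTTP/1.1" 200 4310
10.0.0.9 - - [23/Jun/2022:10:01:15 +0000] "GET /%24%7B7*7%7D/ HTTP/1.1" 302 0
10.0.0.7 - - [23/Jun/2022:10:02:40 +0000] "GET /display/SPACE/Home HTTP/1.1" 200 9821
10.0.0.9 - - [23/Jun/2022:10:03:01 +0000] "GET /${(#x=1)}/ HTTP/1.1" 302 0
"""

# Parses the client IP, timestamp, method, request path and status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def decode_path(path, max_rounds=3):
    """Undo repeated URL-encoding so that %2524%257B still resolves to '${'."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def find_ognl_requests(log_text):
    """Return the parsed log entries whose decoded request path contains '${'."""
    hits = []
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue  # skip lines that are not in the expected layout
        decoded = decode_path(match["path"])
        if "${" in decoded:
            hits.append({
                "ip": match["ip"],
                "ts": match["ts"],
                "path": decoded,
                "status": int(match["status"]),
            })
    return hits


def summarize_by_ip(hits):
    """Count flagged requests per source address to prioritise investigation."""
    return dict(Counter(hit["ip"] for hit in hits))


if __name__ == "__main__":
    flagged = find_ognl_requests(SAMPLE_LOG)
    for hit in flagged:
        print(f"{hit['ts']} {hit['ip']} {hit['status']} {hit['path']}")
    print("per-source counts:", summarize_by_ip(flagged))
```

Run it against a real access log by replacing `SAMPLE_LOG` with the file contents; a legitimate Confluence URI should never contain a literal `${`, so any hit is worth a closer look, and repeated hits from one source are a stronger signal than a single request.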
Cyware Publisher
