Dragon RaaS Leading 'Five Families' Crimeware With New Initial Access & Exploitation Methods

A sophisticated Ransomware-as-a-Service (RaaS) operation known as ‘Dragon’ has emerged as the dominant force within the notorious “Five Families” of crimeware, implementing advanced initial access techniques and exploitation methods that have alarmed cybersecurity experts. The threat actors behind Dragon have demonstrated a high level of technical proficiency, utilizing living-off-the-land techniques combined with novel obfuscation methods to remain undetected within compromised environments for an average of 26 days before initiating encryption routines. Security researchers have observed Dragon operators leveraging a previously undocumented vulnerability in widely-used VPN appliances to establish persistent access to corporate networks. SentinelOne researchers noted that Dragon operatives are using a custom-built command and control (C2) framework utilizing DNS tunneling to evade traditional network security monitoring. “This represents a significant evolution in their operational security and reflects a level of sophistication previously only seen in nation-state actors,” explained the SentinelOne threat intelligence team in their analysis. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. The Dragon RaaS operation has been linked to a series of high-profile attacks against critical infrastructure, financial institutions, and healthcare organizations over the past three months, with ransom demands averaging $3.4 million per incident. Initial access vectors include phishing emails containing malicious Excel documents with embedded macros that download the first-stage loader through a PowerShell command. Once initial access is established, Dragon deploys a PowerShell loader that retrieves a second-stage DLL injected directly into memory to avoid detection. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. Dragon operators have introduced a new feature that specifically targets database servers by corrupting transaction logs before encryption, making recovery particularly challenging even with backups. The exploitation chain begins with a specially crafted HTTP request that triggers memory corruption in the authentication module, effectively bypassing security controls. Tushar is a Cyber security content editor with a passion for creating captivating and informative content.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 20 Mar 2025 11:20:05 +0000


Cyber News related to Dragon RaaS Leading 'Five Families' Crimeware With New Initial Access & Exploitation Methods

Dragon RaaS Leading 'Five Families' Crimeware With New Initial Access & Exploitation Methods - A sophisticated Ransomware-as-a-Service (RaaS) operation known as ‘Dragon’ has emerged as the dominant force within the notorious “Five Families” of crimeware, implementing advanced initial access techniques and exploitation ...
1 week ago Cybersecuritynews.com
How a Group of Train Hackers Exposed a Right-to-Repair Nightmare - Earlier this month, Polish hackers known as Dragon Sector accused one of Poland's largest train makers, Newag, of intentionally bricking its own trains when they're repaired by third parties. Newag threatened to sue Dragon Sector, but the story ...
1 year ago Packetstormsecurity.com
CVE-2021-36845 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions < 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. ...
3 years ago
Rise in RaaS Operations and Implications for Business Security - Recently, there had been news regarding the cyber-attack in a Japanese port, that blocked the smooth transfer of goods - a hack in a Las Vegas resort which led to malfunction in slot machines and guest check-ins and a whopping $100 million loss, and ...
1 year ago Cysecurity.news
Cyber Insights 2023: Criminal Gangs - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. Despite some geopolitical overlaps with state attackers, the majority of ...
2 years ago Securityweek.com
Trains were designed to break down after third-party repairs, hackers find - An unusual right-to-repair drama is disrupting railroad travel in Poland despite efforts by hackers who helped repair trains that allegedly were designed to stop functioning when serviced by anyone but Newag, the train manufacturer. Members of an ...
1 year ago Packetstormsecurity.com
29 malware families target 1,800 banking apps worldwide - Mobile banking is outpacing online banking across all age groups due to its convenience and our desire to have those apps at our fingertips, according to Zimperium. This surge is accompanied by a dramatic growth in financial fraud. The research ...
1 year ago Helpnetsecurity.com
Cybercrime experts reveal how to infiltrate ransomware gangs The Register - Though it happens rarely, it's always a good day when a ransomware group is taken down by law enforcement. Singapore-based Group-IB celebrated its 20th anniversary in the cybersecurity industry this year, and during this time its researchers have ...
1 year ago Go.theregister.com Qilin
Cybercrime experts reveal how to infiltrate ransomware gangs The Register - Though it happens rarely, it's always a good day when a ransomware group is taken down by law enforcement. Singapore-based Group-IB celebrated its 20th anniversary in the cybersecurity industry this year, and during this time its researchers have ...
1 year ago Theregister.com Qilin
CVE-2007-0228 - The DataCollector service in EIQ Networks Network Security Analyzer allows remote attackers to cause a denial of service (service crash) via a (1) &CONNECTSERVER& (2) &ADDENTRY& (3) &FIN& (4) &START& (5) ...
7 years ago
Ransomware Actor Uses TeamViewer to Gain Initial Access to Networks - TeamViewer is software that organizations have long used to enable remote support, collaboration, and access to endpoint devices. Like other legitimate remote access technologies, it is also something that attackers have used with relative frequency ...
1 year ago Darkreading.com
Aoqin Dragon - Aoqin Dragon is a suspected Chinese cyber espionage threat group that has been active since at least 2013. Aoqin Dragon has primarily targeted government, education, and telecommunication organizations in Australia, Cambodia, Hong Kong, Singapore, ...
1 year ago Attack.mitre.org Aoqin Dragon
Hackers Fix Polish Train Glitch, Face Legal Pushback by the Manufacturer - In a recent cybersecurity incident, three Polish hackers achieved success in repairing the malfunctioning software of a train, initially serviced by independent repair shops for a regional rail operator. The narrative took a twist when accusations ...
1 year ago Hackread.com
21 New Mac Malware Families Emerged in 2023 - A total of 21 new malware families designed to target macOS systems were discovered in 2023, according to Patrick Wardle, a researcher specializing in the security of Apple devices. Wardle has published a blog post analyzing the new malware families ...
1 year ago Securityweek.com LockBit
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 23, 2024 to September 29, 2024) - Software Name Software Slug 012 Ps Multi Languages 012-ps-multi-languages ABC APP CREATOR abcapp-creator Absolute Reviews absolute-reviews Accordion accordions Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads quick-adsense-reloaded Advanced File ...
5 months ago Wordfence.com Slug
CVE-2019-13363 - admin.php?pagenotification_by_mail in Piwigo 2.9.5 has XSS via the nbm&#95;send&#95;html&#95;mail, nbm&#95;send&#95;mail&#95;as, nbm&#95;send&#95;detailed&#95;content, ...
2 years ago
CVE-2023-52587 - In the Linux kernel, the following vulnerability has been resolved: ...
1 year ago
CVE-2020-28092 - PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter:?gTeam&mTask&amy&status3&id,?gTeam&mTask&amy&status0&id,?gTeam&mTask&amy&status1&id,?gTeam&mTask&amy&status10&id ...
4 years ago
CVE-2025-21881 - In the Linux kernel, the following vulnerability has been resolved: ...
2 days ago
LockBit Ransomware Affiliate Sentenced to Prison in Canada - A Russian-Canadian national was sentenced to nearly four years in prison in Canada for his role in the LockBit ransomware operation. The man, Mikhail Vasiliev, 34, was arrested in October 2022 in his home in Bradford, Ontario. In February 2024, he ...
1 year ago Securityweek.com LockBit
Ransomware Rises Despite Law Enforcement Takedowns - Ransomware activity increased in 2023 compared to 2022, according to Google-owned Mandiant. This is despite broadscale law enforcement operations against prominent ransomware groups, including ALPHV/BlackCat. Mandiant shared ransomware research ...
9 months ago Infosecurity-magazine.com LockBit
New York's cyber chief on keeping cities and states safe from cyberattacks | The Record from Recorded Future News - And so we think that that'll continue to evolve the security posture of New York State in a way that first and foremost provides the public good, which is, if a government service is not secure, it can't be considered reliable. We're ...
3 days ago Therecord.media
Ransomware Mastermind Uncovered After Oversharing on Dark Web - When researchers responded to an ad to join up with a ransomware-as-a-service operation, they wound up in a cybercriminal job interview with one of the most active threat actors in the affiliate business, who turns out to be behind at least five ...
1 year ago Darkreading.com
East Texas hospital network can't receive ambulances because of potential cybersecurity incident - GetTime();if(!(u<=a&&d<=l throw new RangeError("Invalid interval");return r.inclusive?u<=l&&d<=a:ut||isNaN(t. Step):1;if(s<1||isNaN(s throw new RangeError("`options. Step):1;if(l<1||isNaN(l throw new RangeError("`options. GetTime()<=n throw new ...
1 year ago Cnn.com
Kaspersky crimeware report: FakeSG, Akira and AMOS - Cybercriminals try to capitalize on their victims in every possible way by distributing various types of malware designed for different platforms. In recent months, we have written private reports on a wide range of topics, such as new cross-platform ...
1 year ago Securelist.com Akira

Latest Cyber News


Cyber Trends (last 7 days)