Overview

Name: DragonForce (also known as “DragonForce Malaysia” in its early hacktivist phase) 

Type: Cybercriminal group operating a Ransomware-as-a-Service (RaaS) platform with hybrid motivations (financial gain and some residual hacktivist ideology).   

Origin/Base: Initially based in Malaysia, with a global affiliate network. Emerged as a ransomware threat actor around mid-2023. 

Motivation: Primarily financial (extortion through ransomware), while occasionally aligning with political or ideological causes (a legacy of its hacktivist roots). The group’s evolution represents a hybrid threat – blending hacktivist-style targeting with profit-driven cybercrime. 

Current Status: As of 2025, DragonForce is a mature RaaS operation counted among the notable ransomware threats globally1. It actively recruits affiliates worldwide and provides them with tools and infrastructure to conduct attacks. Recent high-profile campaigns (e.g. attacks on major UK retailers) have raised DragonForce’s profile on the international stage.