CloudSEK’s contextual AI digital risk platform XVigil found a Tweet from the Malaysian hacktivist group, Dragon Force, calling for attacks on the Indian government by Muslim hackers all around the world.
According to the group, the primary objective of the attack was to get back at the Indian Government for controversial comments on Prophet Muhammad by some Indian politicians. The group has named this operation OpsPatuk, which translates to “strike back”.
Commenting on the campaign, Darshit Ashara, Principal Threat Researcher, CloudSEK, said, “As we have seen during the Russia-Ukraine conflict, hacktivists are persistent and resourceful. So, it’s imperative for the Indian government and private organizations to take this campaign seriously. We need to start by nullifying the low-hanging fruit that threat actors typically use as initial vectors to initiate attacks. This includes malware logs, misconfigured applications, default passwords, unpatched or outdated servers and other assets, and previously leaked databases being sold on the dark web.”
DragonForce Malaysia, a pro-Palestinian hacktivist group based in Malaysia, is behind this cyber call to arms. This organization owns and runs a forum where they publish announcements and discuss their most recent actions. There are also Instagram and Facebook profiles for the group, as well as many Telegram channels. Using TikTok and Instagram reels, the gang has been running frequent recruitment and promotion efforts. The posts calling for hacktivist action against the Indian government have received over 2.4 million views.
The group has also shared evidence that they have hacked Indian government websites like indembassyisrael[.]gov[.]in, manage[.]gov[.]in, extensionmoocs[.]manage[.]gov[.]in, cia[.]manage[.]gov[.]in, and cfa[.]manage[.]gov[.]in, among others (detailed report [here]).
The group has released a list of websites that supporters and allies are encouraged to target. This covers private Indian websites in addition to many Indian government websites, including those of companies that deal with logistics and supply chain, educational institutions, technology and software companies, and web hosting providers.
Dragon Force has previously been associated with groups like Revolution Pakistan, Rileks Crew, T3DimensionMalaysia, United Muslim Cyber Army, Code Newbie, Phantom Crews, Local host Malaysia, Harimau Malaya Cyber Army, Group Tempur Rakyat Malaysia, most of which appear to be from Malaysia or Pakistan. There is a high risk of this operation garnering more support and attention from activists throughout the world.
In light of Dragon Force’s aggressive actions and threats, it is critical for Indian businesses and government institutions to safeguard their websites, assets, and endpoints in order to prevent further attacks.
CloudSEK will continue to investigate this evolving pattern of attacks and provide timely updates to help the Indian government and private entities strengthen their security.