The DragonForce ransomware group has launched a massive cyberattack against organizations in Saudi Arabia, stealing over 6TB of sensitive data from a major real estate and construction firm. The attack was strategically timed just before Ramadan, and the stolen data has now been leaked online.
🔹 Target: Saudi Arabia’s real estate and construction sector
🔹 Tactics: Phishing, exploiting RDP/VPN vulnerabilities
🔹 Key exploited vulnerabilities: CVE-2021-44228, CVE-2023-46805, CVE-2024-21412, CVE-2024-21887, CVE-2024-21893
🔹 Ransomware-as-a-Service (RaaS): Operates with an 80% commission model for affiliates
🔹 Data Exfiltration: Fully automated, using WebDAV for file transfer
🔹 Target: Saudi Arabia’s real estate and construction sector
🔹 Tactics: Phishing, exploiting RDP/VPN vulnerabilities
🔹 Key exploited vulnerabilities: CVE-2021-44228, CVE-2023-46805, CVE-2024-21412, CVE-2024-21887, CVE-2024-21893
🔹 Ransomware-as-a-Service (RaaS): Operates with an 80% commission model for affiliates
🔹 Data Exfiltration: Fully automated, using WebDAV for file transfer
![[Image: MxgnhgZ.gif]](https://i.imgur.com/MxgnhgZ.gif)