Dragon RaaS | Pro-Russian Hacktivist Group Aims to Build on "The Five Families" Cybercrime Reputation

March 20, 2025, 9:43 a.m.

Description

Dragon RaaS is a ransomware group that emerged in July 2024 as an offshoot of Stormous, part of a larger cybercrime syndicate known as 'The Five Families'. The group markets itself as a sophisticated Ransomware-as-a-Service operation but often conducts defacements and opportunistic attacks rather than large-scale ransomware extortion. Dragon RaaS primarily targets organizations in the US, Israel, UK, France, and Germany, exploiting vulnerabilities in web applications, using brute-force attacks, and leveraging stolen credentials. The group operates two ransomware strains: a Windows-focused encryptor based on StormCry and a PHP webshell. Despite claims of creating a unique ransomware variant, analysis reveals that Dragon RaaS's payloads are slightly modified versions of StormCry.

External References

https://www.sentinelone.com/blog/dragon-raas-pro-russian-hacktivist-group-aims-to-build-on-the-five-families-cybercrime-reputation/
https://otx.alienvault.com/pulse/67db2bceaeb33fde1496fef2
Tags
ransomware
cybercrime
CVE-2024-3806
CVE-2024-3807
CVE-2024-3808
CVE-2024-3809
hacktivism
webshell
vulnerability exploitation
CVE-2024-47374
2025-03-19
defacement
stormcry
CVE-2022-0073
CVE-2023-2359
CVE-2023-6925
dragon raas
CVE-2023-47784
CVE-2022-0074
pro-russian

Date

  • Created: March 19, 2025, 8:40 p.m.
  • Published: March 19, 2025, 8:40 p.m.
  • Modified: March 20, 2025, 9:43 a.m.

Attack Patterns

  • Dragon RaaS
  • StormCry
  • Dragon RaaS

Additional Informations

  • Education
  • Government
  • Yemen
  • Iran, Islamic Republic of
  • Netherlands
  • Italy
  • Canada
  • France
  • Germany
  • United Kingdom of Great Britain and Northern Ireland
  • Ukraine
  • Israel
  • United States of America