Cyber Threat Actor: DragonForce Malaysia
| Actor Type | Location | Known Incidents |
|---|---|---|
| Activist | Malaysia | 1 incident |

Profile
DragonForce Malaysia is a hacktivist group operating from Malaysia, primarily known for conducting cyberattacks against Indian entities in retaliation for perceived religious offenses. The group publicly claimed responsibility for a coordinated campaign in June 2022 targeting at least 70 Indian government and private sector websites, framing their actions as a response to anti-Muslim remarks made by an Indian political spokesperson. Their operations demonstrate a clear focus on disruption, data exfiltration, and public shaming of targets aligned with their ideological grievances.
The group systematically targeted Indian educational institutions, government agencies, and private businesses during their June 2022 campaign, explicitly naming victims such as Delhi Public School, Bharathidasan University's Entrepreneurship Hub, and the Indian Embassy of Israel's website. Their tactics centered on website defacements featuring protest messages, data theft from compromised systems, and public dissemination of stolen credentials through social media. DragonForce Malaysia leveraged Telegram and Twitter for operational coordination, recruitment calls for their "#OpsPatuk" campaign, and real-time announcements of victims. The exfiltration of databases containing personally identifiable information – including full names, email addresses, and passwords – served both as proof of compromise and as a means to amplify psychological impact.
Notably, DragonForce Malaysia's June 2022 operation exhibited structured hacktivist tradecraft: simultaneous multi-target defacements, staged data leaks timed for maximum visibility, and explicit calls for global Muslim hacker solidarity against India. Their compromise of Bharathidasan University's career hub included video evidence of stolen data, while their breach of an unspecified Indian government database resulted in public exposure of citizen credentials. These actions intentionally exploited the absence of immediate breach confirmation mechanisms under India's then-pending six-hour reporting mandate, demonstrating awareness of regulatory environments. The group's operations consistently linked digital attacks to offline political events, using cyber capabilities as protest instruments against religious disrespect.
