According to a new advisory from Radware, a hacktivist group called DragonForce Malaysia, “with the assistance of several other threat groups, has begun indiscriminately scanning, defacing and launching denial-of-service attacks against numerous websites in India.” In addition to DDoS, their targeted campaign – dubbed “OpsPatuk” – involves advanced threat actors “leveraging current exploits, breaching networks and leaking data.”
DragonForce Malaysia – best known for their hacktivism in support of the Palestinian cause – have turned their attention to India this time, in response to a controversial comment made by a Hindu political spokesperson about the Prophet Mohammed.
According to the advisory, OpsPatuk remains ongoing today.
The Casus Belli
In a televised debate last month, Nupur Sharma – a spokesperson for the Hindu nationalist Bharatiya Janata Party (BJP) – made controversial remarks regarding the age of the Prophet Mohammed’s third wife, Aisha. Widespread outrage followed, involving statements from leaders in the Muslim world, large protests, and the ousting of Sharma herself from the BJP.
Then, beginning on June 10, DragonForce Malaysia entered the fray. Their new offensive against the government of India was first enshrined in a tweet:
Greetings The Government of India. We Are DragonForce Malaysia. This is a special operation on the insult of our Prophet Muhammad S.A.W. India Government website hacked by DragonForce Malaysia. We will never remain silent. Come Join This Operation ! #OpsPatuk Engaged
The new advisory confirms that the group has used DDoS to perform “numerous defacements across India,” pasting their logo and messaging to targeted websites.
The group also “claimed to have breached and leaked data from various government agencies, financial institutions, universities, service providers, and several other Indian databases.”
The researchers also observed other hacktivists – ‘Localhost’, ‘M4NGTX’, ‘1887’, and ‘RzkyO’ – joining the party, “defacing multiple websites across India in the name of their religion.”
Who are DragonForce Malaysia?
DragonForce Malaysia is a hacktivist group in the vein of Anonymous. They’re connected by political goals, with a penchant for sensationalism. Their social media channels and website forums – used for everything “ranging from running an eSports team to launching cyberattacks” – are visited by tens of thousands of users.
In the past, DragonForce have launched attacks against organizations and government entities across the Middle East and Asia. Their favorite target has been Israel: they have launched multiple operations – #OpsBedil, #OpsBedilReloaded and #OpsRWM – against the nation and its citizens.
According to the authors of the advisory, DragonForce are “not considered an advanced or a persistent threat group, nor are they currently considered to be sophisticated. But where they lack sophistication, they make up for it with their organizational skills and ability to quickly disseminate information to other members.” Like Anonymous and the Low Orbit Ion Cannon, DragonForce weaponizes their own open source DoS tools – Slowloris, DDoSTool, DDoS-Ripper, Hammer, and more – in choreographed, flashy website defacements.
Some members, “over the last year, have demonstrated the ability and desire to evolve into a highly sophisticated threat group.” Among other things, that has included leveraging publicly disclosed vulnerabilities. In OpsPatuk, for example, they’ve been working with the recently discovered CVE-2022-26134.
“DragonForce Malaysia and its associates have proven their ability to adapt and evolve with the threat landscape in the last year,” concluded the authors. With no signs of slowing down, “Radware expects DragonForce Malaysia to continue launching new reactionary campaigns based on their social, political, and religious affiliations in the foreseeable future.”