DragonForce hackers claim responsibility for Belk data breach

DragonForce, a cyber criminal group connected to a series of attacks against retail firms in recent months, is claiming credit for an attack on the North Carolina-based department store chain Belk.

The group claimed on its leak site that it has approximately 156 gigabytes of data stolen from the company. 

Researchers have linked DragonForce to an April attack on Marks & Spencer, one of the first breaches in a months-long attack spree linked to Scattered Spider. DragonForce claimed credit for the intrusion, but M&S officials believe the group was working with Scattered Spider during the attack. 

“DragonForce operates as Ransomware-as-a-Service — meaning various groups can pay for affiliate access to DragonForce’s leak site,” Chris Yule, director of threat research at Sophos, told Cybersecurity Dive via email. “Each victim could be posted by a different affiliate, making it hard to immediately draw links between individual victims that appear on the site.”  

Sophos researchers provided screen shots of the claim, which were posted Monday on the DragonForce leak site. Arctic Wolf researchers also provided screen shots from the leak site. Based on the leaked information, the data was accessed in early May.

After launching in 2023, DragonForce earlier this year rebranded itself as a cartel. It allows other operators to use its hacking infrastructure and launch attacks under their own names or under the DragonForce name, according to Sophos researchers.

DragonForce had listed approximately 136 victims on its leak site as of March, according to Sophos. 

The attack spree has claimed a number of high-profile retailers in the U.K. and U.S., including the Harrods department store in the U.K., Victoria’s Secret and Whole Foods distributor United Natural Foods. 

Scattered Spider has since turned its attention to the insurance and airline industries. 

Belk, based in Charlotte, N.C., operates approximately 300 stores in 16 southeastern states under the Belk and Belk Outlet names. The company also operates online. 

A spokesperson for Belk did not immediately respond to a request for comment