DragonForce Ransomware targeting M&S vows not to target Russia or Soviet Union

In a surprising twist, DragonForce Ransomware, the group responsible for a recent attack on UK retailer Marks & Spencer, has made an unusual public plea. The group is reportedly asking other cybercriminal organizations to avoid targeting businesses operating in Russia and the former Soviet Union.

This move suggests that DragonForce may either have ties to Russia or is receiving funding from a state in the post-Soviet region. As a result, they appear to be showing allegiance to these countries, warning fellow hacking groups to refrain from launching cyberattacks against companies in these territories. It seems DragonForce has positioned itself as a protector of businesses in certain regions, with a stated goal of preserving the use of technology in these areas.

Additionally, DragonForce has made a statement regarding its tactics, explaining that it deleted all the personal information, including names and contact details, that was taken from Co-op’s servers. The group emphasized that their policy is to simply extort money and avoid destroying data. They argue that deleting valuable business data can have devastating effects, with some companies potentially never recovering from the loss.

According to cybersecurity experts, DragonForce has targeted around 90 companies across various industries so far, and has explicitly warned rival groups—such as Scattered Spider—not to attack any networks in Russia. This marks an unprecedented move, as it’s the first time a hacking group has issued such a directive to other cybercriminals, effectively setting boundaries for their operations.

British newspaper The Observer reports that Dragon Force has been linked to over 167 attacks across 32 countries, including 87 organizations in the United States, 17 in the UK, 8 in Australia, 8 in Italy, and 5 in Canada.

This shift in behavior among cybercriminal gangs may reflect the growing competition within the underground hacking world. These groups seem to be establishing territorial boundaries, showing a more organized and strategic approach to their criminal enterprises.

The reasons behind DragonForce’s direct warning to the Scattered Spider group—particularly advising them not to target Russia—remain unclear. However, given the group’s cartel-like structure, it’s possible that Dragon Force has some form of financial or political backing from the Russian government, or that it has ties to Russian intelligence services under the leadership of President Putin.