Ransomware stories trending on Google


DragonForce Ransomware Group, Linked to Scattered Spider, Promises 80% Profit Share for Partners

The notorious DragonForce ransomware group, which has recently gained prominence in the cybercrime scene, has officially announced that it will share a significant portion of the profits generated from its operations, 80%, with affiliates and partners. The announcement marks a strategic move by the group, further cementing its identity as a high-level, organized criminal cartel. The group, which has been tied to notorious hacker factions such as Scattered Spider, ShinyHunters, and Lapsus$, has also assured its associates that it will provide them with all the tools and infrastructure needed to carry out ransomware attacks.

DragonForce has rapidly expanded its reach, predominantly targeting organizations in Western countries, but it is now setting its sights on Australian companies as well. In its ongoing efforts to maximize its operational capabilities, the group has enhanced its tools to include sophisticated features such as the ability to bypass security mechanisms that protect critical processes and fix vulnerabilities in encryption algorithms. This development mirrors tactics previously observed in the operations of the Akira Ransomware group, known for its ability to sidestep security measures.

In addition to its typical ransomware attacks, DragonForce has expanded into a new realm of cybercrime: infiltrating organizations to identify vulnerable employees who can later be targeted with phishing scams or other social engineering attacks. These attacks may include SIM swapping or tactics like MFA fatigue (multi-factor authentication fatigue), where users are bombarded with repeated authentication requests until they eventually relent, approve one, and thereby compromise their own credentials.
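The MFA fatigue pattern described above has a simple defensive signature: a burst of push prompts for one account inside a short window, followed by an approval. The following script is an added example for this article, not code from Cybersecurity Insiders or from any identity provider; the log format, the field names and the sample lines are constructed for illustration, and the threshold and window are assumptions to be tuned per environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in an assumed "timestamp key=value ..." format.
# "alice" shows the fatigue pattern: five prompts in under two minutes, one
# denial, then an approval. "bob" is a normal single-prompt login.
SAMPLE_LOG = """\
2025-08-12T09:14:02Z user=alice event=push_sent ip=203.0.113.5
2025-08-12T09:14:09Z user=alice event=push_denied ip=203.0.113.5
2025-08-12T09:14:20Z user=alice event=push_sent ip=203.0.113.5
2025-08-12T09:14:41Z user=alice event=push_sent ip=203.0.113.5
2025-08-12T09:15:03Z user=alice event=push_sent ip=203.0.113.5
2025-08-12T09:15:30Z user=alice event=push_sent ip=203.0.113.5
2025-08-12T09:15:45Z user=alice event=push_approved ip=203.0.113.5
2025-08-12T10:02:11Z user=bob event=push_sent ip=198.51.100.7
2025-08-12T10:02:25Z user=bob event=push_approved ip=198.51.100.7
"""


def parse_line(line):
    """Split one assumed-format log line into (timestamp, {key: value})."""
    ts_str, *fields = line.split()
    ts = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
    kv = dict(f.split("=", 1) for f in fields)
    return ts, kv


def detect_mfa_fatigue(log_text, prompt_threshold=4, window_seconds=300):
    """Return one alert per approval that followed a burst of push prompts.

    A sliding window of recent push_sent timestamps is kept per user. When a
    push_approved event arrives and at least prompt_threshold prompts fall
    inside the preceding window_seconds, the approval is flagged. Denials do
    not reset the window: a denial followed by more prompts is the pattern.
    """
    recent_prompts = defaultdict(list)  # user -> timestamps of push_sent
    alerts = []
    for line in log_text.strip().splitlines():
        ts, kv = parse_line(line)
        user, event = kv["user"], kv["event"]
        # Drop prompts that have aged out of the window for this user.
        window_start = ts - timedelta(seconds=window_seconds)
        recent_prompts[user] = [t for t in recent_prompts[user] if t >= window_start]
        if event == "push_sent":
            recent_prompts[user].append(ts)
        elif event == "push_approved" and len(recent_prompts[user]) >= prompt_threshold:
            alerts.append({
                "user": user,
                "approved_at": ts.isoformat(),
                "prompts_in_window": len(recent_prompts[user]),
                "ip": kv.get("ip"),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_mfa_fatigue(SAMPLE_LOG):
        print("possible MFA fatigue:", alert)
```

Run against the constructed sample, the detector flags only alice's approval (five prompts in the window) and leaves bob's single-prompt login alone. In a real deployment the same logic belongs in a SIEM rule fed by the identity provider's push events; the reason an alert fires on the approval rather than on the burst alone is that the approval is the moment the account is actually at risk and the session should be revoked and the user contacted.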

Marquis Financial Firm Reports Data Breach Linked to Ransomware Attack

In a recent development, Marquis, a prominent financial services firm, has informed its customers of a potential data breach that may have exposed sensitive personal and financial information. The company disclosed that in August 2025, a ransomware group successfully breached its systems, disrupting operations and potentially exposing a wide range of sensitive data, including customer names, addresses, phone numbers, dates of birth (DOB), Social Security Numbers (SSNs), and transaction details.

While the company has confirmed the breach, it stressed that, as of now, there is no evidence to suggest the stolen data has been misused. The breach occurred when ransomware infected the company’s servers. In response, Marquis has enlisted the help of cybersecurity experts to determine the extent of the damage and confirm whether any information has been exploited. Marquis has also committed to notifying all impacted banks and credit unions within the United States by the end of the next financial year to mitigate the potential financial risks for its clients.

Asus Camera Source Code Stolen in Everest Ransomware Attack

The Everest ransomware gang has claimed responsibility for a significant breach involving the Taiwanese tech giant Asus. The hackers reportedly gained access to the company’s internal servers and exfiltrated a variety of sensitive data, including camera source code for its smartphones. In addition to the camera code, the cybercriminals also stole sensitive engineering data, internal documents related to ongoing research and development projects, and other proprietary information.

The Everest group has a history of releasing the stolen information bit by bit, and they have pledged to continue doing so until April 2026. After that date, the group has indicated that it plans to temporarily shut down operations, only to re-emerge with a new and more potent strain of malware, potentially marking the beginning of a new chapter in their cybercrime activities.

This attack on Asus is just the latest in a series of high-profile breaches orchestrated by the Everest gang, which has demonstrated an alarming ability to target large corporations and extract valuable data.

Claude AI Allegedly Used to Develop Medusa Locker Ransomware

In a troubling development, the AI platform Claude, developed by Anthropic, has been implicated in the creation of a new ransomware variant called Medusa Locker. Over the past few weeks, Claude, which was originally designed as an AI chatbot, has come under fire after security researchers discovered that cybercriminals were using it to develop and distribute the malicious Medusa Locker ransomware to both public and private networks.

What sets this attack apart is the way criminals are exploiting a new feature in Claude called Claude Skills. This feature has inadvertently provided a vector for malware deployment. Cybercriminals have been utilizing custom code modules to seamlessly push Medusa Locker malware onto victim devices without the users’ awareness or consent.

Researchers from Cato Networks have highlighted that this AI-driven exploit has the potential to cause significant damage, as it could enable attackers to infiltrate corporate networks and compromise sensitive information. The criminals appear to be exploiting the trust users place in the AI platform, making it even more difficult for security systems to detect malicious activity.

The use of AI platforms for cybercrime is becoming increasingly common. Earlier this year, similar methods were seen in attacks leveraging OpenAI’s ChatGPT and Google Gemini, and now, Claude has joined the ranks of AI systems being weaponized by hackers. The use of AI for launching cyberattacks raises serious concerns about the future of cybersecurity, as these AI-driven methods become more advanced and harder to defend against.

Conclusion: A Growing Threat in the Cybercrime Landscape

The landscape of ransomware and cybercrime continues to evolve at an alarming pace. Groups like DragonForce and Everest are showing increasing sophistication in their operations, with a clear focus on maximizing profits and refining their attack methods. From targeted phishing campaigns to the use of advanced AI tools for malware deployment, cybercriminals are leveraging every available resource to exploit vulnerabilities in corporate networks and steal sensitive information.

As cybercrime syndicates expand their operations globally, organizations must remain vigilant, invest in advanced security measures, and stay up to date with emerging threats to protect their sensitive data and infrastructure. The growing use of AI in these attacks also signals a future where the lines between legitimate technology and malicious use may become increasingly blurred.


Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
