{ "id": "c25499d9-eaa6-4f9d-8b85-46bacf035375", "created_at": "2026-04-06T00:09:31.526224Z", "updated_at": "2026-04-10T03:26:36.593175Z", "deleted_at": null, "sha1_hash": "070cd256f0c4ebb9744e40ec04c3b48395e7e9d7", "title": "DragonForce Malaysia attacks Israeli institutions: Radware", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 33827, "plain_text": "DragonForce Malaysia attacks Israeli institutions: Radware\r\nBy Gaurav Sharma\r\nPublished: 2023-04-14 · Archived: 2026-04-02 10:38:13 UTC\r\nAfter being absent from this year's OpIsrael campaign, the pro-Palestinian hacktivist group DragonForce Malaysia\r\nhas returned for a third year with an operation targeting Israel. The group's rebranded campaign, OpsPetir,\r\nreplaced OpsBedil and currently overlaps with OpIsrael. As a result, those who directly or indirectly support the\r\ncountry of Israel could become a target of OpsPetir, which is anticipated to run between April 12 and Al Quds Day\r\non April 21. This is according to a new Radware cybersecurity advisory.\r\nSome of OpsPetir's first attacks on Israel were reported against universities and financial institutions. During the\r\ncoming days, Radware expects campaign targets to include religious and healthcare organisations, service\r\nproviders, transportation, and government agencies. Attacks will likely range from scanning and exploiting to data\r\ndumps, denial-of-service attacks, and website defacements.\r\nAccording to Daniel Smith, head of research for Radware's threat intelligence division, \"To draw attention to its\r\npolitical statement, DragonForce Malaysia aims to disrupt and temporarily disable online services and websites\r\nfor multiple organisations and government institutions.\"\r\n\"We expect dozens of members of DragonForce Malaysia will use a new denial-of-service tool, called\r\nCyberTroopers, which was released by a member of the OpsPetir group. It's interesting to note in a screenshot\r\nshared by the CyberTroopers creator that it appears the threat actor is using ChatGPT for personal projects,\" he\r\nadds. \r\nCyberTroopers is an obfuscated Python program, which includes functionality to download lists of free and open\r\nproxy and SOCKS services on the internet from free-proxy-list[.]net and proxyscrape[.]com. The collected proxy\r\nand SOCKS services are leveraged to spoof and randomise the origin of the attacks and increase the complexity of\r\ndetection and mitigation for L7 application attacks. Furthermore, by exploiting the tool's TCP, UDP and HTTP\r\nflooding capabilities, the group will aim to disrupt and temporarily disable online services and websites to draw\r\nattention to their political statement.\r\nIn June of 2021, DragonForce Malaysia launched OpsBedil in response to an Israeli ambassador to Singapore\r\nstating that Israel was ready to begin working towards establishing ties with Southeast Asia's Muslim-majority\r\nnations. The following year, in April, the group launched OpsBedil Reloaded in reaction to political confrontation\r\nin Israel.\r\nAfter being absent during the return of OpIsrael 2023 on April 11, the threat group posted a statement in their\r\nforum stating that an operation targeting Israel, OpsPetir, will officially begin on April 12 at 9.30 pm Malaysia\r\nTime, or 2.30 pm Israel time, and is projected to last until April 20.\r\nThe group has been observed working with several threat groups over the years, including the T3 dimension\r\nTeam, Reliks Crew, and AnonGhost. In addition, DragonForce Malaysia has an active forum where threat actors\r\nhttps://securitybrief.asia/story/dragonforce-malaysia-attacks-israeli-institutions-radware\r\nPage 1 of 2\n\npost-campaign announcements and discuss varying tactics, techniques, and procedures. The group also has a\r\nTelegram channel, but this year, most of its content is replicated throughout the forum and other social media\r\nplatforms, including Discord. Before OpsPetir, DragonForce Malaysia targeted India with OpsPatuk, a reactionary\r\noperation related to a political figure's controversial statements in India about the Prophet Muhammad.\r\nSource: https://securitybrief.asia/story/dragonforce-malaysia-attacks-israeli-institutions-radware\r\nhttps://securitybrief.asia/story/dragonforce-malaysia-attacks-israeli-institutions-radware\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "MISPGALAXY", "Malpedia" ], "references": [ "https://securitybrief.asia/story/dragonforce-malaysia-attacks-israeli-institutions-radware" ], "report_names": [ "dragonforce-malaysia-attacks-israeli-institutions-radware" ], "threat_actors": [ { "id": "6608b798-f92b-42af-a93f-d72800eeb3a3", "created_at": "2023-11-30T02:00:07.292Z", "updated_at": "2026-04-10T02:00:03.482199Z", "deleted_at": null, "main_name": "DragonForce", "aliases": [], "source_name": "MISPGALAXY:DragonForce", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "843f4240-33a7-4de4-8dcf-4ff9f9a8c758", "created_at": "2025-07-24T02:05:00.538379Z", "updated_at": "2026-04-10T02:00:03.657424Z", "deleted_at": null, "main_name": "GOLD FLAME", "aliases": [ "DragonForce" ], "source_name": "Secureworks:GOLD FLAME", "tools": [ "ADFind", "AnyDesk", "Cobalt Strike", "FileSeek", "Mimikatz", "SoftPerfect Network Scanner", "SystemBC", "socks.exe" ], "source_id": "Secureworks", "reports": null } ], "ts_created_at": 1775434171, "ts_updated_at": 1775791596, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/070cd256f0c4ebb9744e40ec04c3b48395e7e9d7.pdf", "text": "https://archive.orkl.eu/070cd256f0c4ebb9744e40ec04c3b48395e7e9d7.txt", "img": "https://archive.orkl.eu/070cd256f0c4ebb9744e40ec04c3b48395e7e9d7.jpg" } }