DragonForce Posts Eighteen Victims Across Eight Countries in 48 Hours

DragonForce posted eighteen victims across eight countries in 48 hours, including a US defense subcontractor, four law firms, and chemical manufacturers.
Table of Contents
    Add a header to begin generating the table of contents

    DragonForce listed eighteen victims across eight countries during a 48-hour posting sprint from July 14 through July 16, 2026, targeting organizations in the United States, United Kingdom, Canada, Australia, New Zealand, Mexico, South Africa, and India. The batch — documented separately from six additional DragonForce victims posted in the same window and covered in separate reporting — spans defense contracting, legal services, chemical manufacturing, healthcare, industrial fabrication, and commercial sectors.

    Meridian Defense Solutions and the US Defense Sector Listing

    DragonForce posted Meridian Defense Solutions LLC — a Maryland-based defense subcontractor providing systems integration services to US government agencies — on July 14, 2026. The listing appeared at the start of the batch and carries sector-specific significance: defense subcontractors hold sensitive government contracts, technical specifications, systems integration documentation, and agency points of contact. No ransom amount was disclosed in the posting, and Meridian Defense Solutions had not publicly confirmed the breach at the time ransomware tracking sources documented its inclusion on DragonForce’s dark web leak site.

    Defense Contractor Data and the Risk of RaaS Affiliate Indiscriminate Targeting

    DragonForce’s ransomware-as-a-service model distributes attack capabilities to independent affiliates who identify and breach targets based on opportunity rather than strategic direction from the group’s operators. The result is that a US defense subcontractor appears in the same victim batch as hospitality businesses, packaging manufacturers, and law firms. Affiliates have no target restrictions that would exclude organizations supplying critical government services; any accessible victim qualifies. For defense-adjacent organizations, the absence of targeting criteria on the affiliate side means that standard phishing and credential attacks — the typical RaaS entry vectors — pose the same ransomware exposure risk that affects all sectors.

    Four Law Firms Listed in the July 14–16 Window

    DragonForce posted four law firm victims in the July 14–16 period: Burnham & Associates (US), Crawford McKillop LLP (Canada), Hale Solicitors (UK), and Whitfield & Pratt Barristers (New Zealand). Law firms hold privileged client communications, litigation strategies, settlement details, financial records, and the personally identifying information of clients across every sector the firm serves. Ransomware groups consistently target legal sector victims because clients of the firm — who may be large corporations, government entities, or high-net-worth individuals — have strong incentives to prevent privileged communications from being published on a dark web leak site. The four-firm listing in a single two-day batch reflects the pattern of RaaS affiliates treating legal services as a recurring high-value target category.

    Chemical Manufacturing, Healthcare, and Industrial Victims in the Batch

    Two chemical manufacturers appeared in the July 14–16 listings: Nexigen Chemicals Inc. (US) and Vanthor Materials Group (Australia). Chemical sector breaches raise concerns about the potential exposure of proprietary formulation data, materials safety documentation, and customer supply chain records — data whose release could affect industrial clients who depend on the targeted company for production inputs.

    Two healthcare providers were also listed: MedPoint Clinics Group, a private multi-specialty clinic chain operating across northern India, and Redwood Community Health Alliance, a federally qualified health center serving rural California communities. Rural healthcare providers draw recurring attention from ransomware affiliates in part because their operational resilience is limited — a system outage at a rural health center that covers a large geographic area has direct consequences for patient care continuity in communities with few alternative providers.

    Industrial, Fabrication, and Commercial Victims Spanning Multiple Countries

    Industrial and manufacturing victims include Trevose Fabrication Inc. (US, metal fabrication), Harmon Precision Tools (US, precision manufacturing), and Crestwood Packaging Solutions Ltd (UK). Commercial and hospitality victims listed in the same window include Brixton House Group (UK), Fairgate Distributors Ltd (New Zealand), and Sunrise Pacific Holdings (Australia). None of these organizations had publicly confirmed their inclusion in the DragonForce batch at the time ransomware tracking sources documented the listings.

    Ransomware.live confirmed all eighteen listings via direct monitoring of the DragonForce dark web leak site. The July 14–16 posting volume — eighteen victims across eight countries in 48 hours, separate from the six additional DragonForce victims documented in the same period — reflects the aggregate output of an affiliate network in which individual affiliates conduct attacks independently and post victims to the shared DragonForce infrastructure at their own pace. No single attack team is responsible for the full batch; the volume is a product of the RaaS model distributing attack execution across many independent operators simultaneously.

    Related Posts