DragonForce Malaysia, a hacktivist group, has released an exploit that enables Local Privilege Escalation (LPE) on Windows Server, allowing access to Local Distribution Router (LDR) capabilities. The threat group also announced its plans to add ransomware attacks to its arsenal.
A Proof of Concept (PoC) of the exploit was posted by DragonForce Malaysia on its Telegram channel, which was analyzed by CloudSEK. Although no CVE is known for the bug, the threat group says that the exploit can be leveraged to bypass authentication “remotely in one second” to access the LDR layer.
The threat group claimed it plans to leverage the exploit in campaigns aimed at companies operating in India. DragonForce Malaysia has launched multiple campaigns in the past three months targeting organizations and government agencies across Asia and the Middle East.