Start / Daily Security Review / Dragonforce ransomware hits belk 150gb data leak and operational chaos

DragonForce Ransomware Hits Belk: 150GB Data Leak and Operational Chaos

81 min • 15 juli 2025

In this episode, we dive into the May 2025 ransomware attack on Belk, the iconic U.S. department store chain, orchestrated by the DragonForce ransomware group—a fast-rising player in the ransomware-as-a-service (RaaS) ecosystem. The cyberattack brought down Belk’s online and in-store operations for days, exfiltrated over 156GB of sensitive data, and sparked legal action following the delayed breach disclosure. With customer names and Social Security numbers compromised and leaked, the impact has rippled far beyond Belk’s systems.

We examine how this attack fits into a broader RaaS-fueled campaign against the retail sector, including recent incidents at Marks & Spencer, Co-op Group, and Harrods. DragonForce, leveraging a model built on affiliate partnerships and rebranded ransomware payloads, is lowering the barrier to entry for cybercriminals—enabling less sophisticated actors to inflict enterprise-level damage.

This episode covers:

The attack timeline and operational disruption across Belk's digital and physical storefronts
What DragonForce stole—and why their leak site appearance suggests Belk didn’t pay the ransom
The role of RaaS in expanding ransomware's reach, making powerful attack infrastructure available to anyone with money and motive
How DragonForce affiliates, including those tied to Scattered Spider, are combining social engineering, credential theft, and advanced TTPs to bypass defenses
Why retail chains are increasingly at risk—and how many still underestimate the severity of the threat
Key defensive takeaways: from phishing-resistant MFA to Active Directory hardening, breach simulation exercises, and incident response planning

The Belk breach illustrates the evolving nature of ransomware, where supply chain access, insider tricks, and layered obfuscation tactics are the norm—not the exception. As regulatory scrutiny rises and ransomware groups professionalize, retailers and mid-market enterprises must reframe security not as an IT task, but as a business continuity imperative.

Senaste avsnitt

Cloud Computing Heist: $3.5 Million Fraud Leads to Prison for Fake Crypto Influencer

19 augusti | 48 min

Embassy Espionage: Kimsuky and Suspected Chinese Partners Deploy XenoRAT in Seoul

19 augusti | 65 min

GSMA Confirms Flaws: Researchers Unveil Dangerous 5G Sniffing and Injection Attack

19 augusti | 51 min

SAP NetWeaver Under Siege: New Exploit Chains Threaten Global Enterprises

19 augusti | 45 min

Ransomware Gangs Deploy Kernel-Level EDR Killers to Evade Detection

19 augusti | 35 min

DragonForce Ransomware Hits Belk: 150GB Data Leak and Operational Chaos

Senaste avsnitt

Cloud Computing Heist: $3.5 Million Fraud Leads to Prison for Fake Crypto Influencer

Embassy Espionage: Kimsuky and Suspected Chinese Partners Deploy XenoRAT in Seoul

GSMA Confirms Flaws: Researchers Unveil Dangerous 5G Sniffing and Injection Attack

SAP NetWeaver Under Siege: New Exploit Chains Threaten Global Enterprises

Ransomware Gangs Deploy Kernel-Level EDR Killers to Evade Detection

Chinese APTs Target Taiwan: UAT-7237’s SoundBill Loader and Gelsemium’s FireWood Backdoor

Colt Cyberattack: Multi-Day Outages After WarLock Ransomware Exploited SharePoint Zero-Day

Workday Breach Tied to Third-Party CRM Hack in ShinyHunters Campaign

DOJ Brings Down Zeppelin Ransomware Operator, Seizes Millions in Crypto

U.S. Sanctions Grinex, the Russian Crypto Exchange Born from Garantex’s Ashes

Canadian House of Commons Breach Tied to Microsoft SharePoint Zero-Day

Norwegian Authorities Blame Pro-Russian Hackers for Critical Infrastructure Breach

MadeYouReset: New HTTP/2 Flaw Could Unleash Massive DDoS Storms

Cybersecurity Budgets Hit Historic Slowdown as Global Tensions Mount

CVE-2025-53786: The Microsoft Exchange Hybrid Flaw That Could Take Down Your Domain

Allianz Life Breach: 2.8 Million Records Leaked in Salesforce Hack

Charon Ransomware Targets Middle East Government and Aviation Sectors

August 2025 Patch Tuesday: Microsoft and Adobe Fix Over 170 Security Flaws

RansomHub Hits Michigan’s Manpower — Data Breach Exposes 140,000 Individuals

Security Firms Warn GPT-5 Is Wide Open to Jailbreaks and Prompt Attacks

Germany’s Top Court Limits Police Spyware to Serious Crimes Only

BadCam: Lenovo Webcam Flaw Turns Everyday Cameras into Remote BadUSB Attack Tools

Free Wi-Fi Loophole Lets Hackers Breach Smart Bus Control Systems

ReVault: Critical Dell Firmware Flaws Allow Windows Login Bypass and Persistent Implants

Air France–KLM Data Breach Exposes Customer Info via Compromised Third-Party Platform

Critical Flaws in CyberArk Conjur and HashiCorp Vault Put Enterprise Secrets at Risk

Prompt Injection Nightmare: Critical AI Vulnerabilities in ChatGPT, Copilot, Gemini & More

From Google to LVMH: ShinyHunters’ Salesforce Breaches Spark Global Ransom Crisis

Cisco Hit by Vishing Attack: CRM Breach Exposes Millions of User Profiles

Ox Security Unveils Agent Ox: AI Tool That Writes Tailored Fixes for Software Vulnerabilities

Meta Deletes 6.8 Million Scam Accounts as AI-Powered Fraud Rings Exploit WhatsApp

Meta Found Liable: Jury Rules Against Tech Giant in Flo Health Privacy Case

TSMC Insider Threat: Six Arrested in Taiwan Over 2nm Chip Trade Secrets

Approov Secures £5M to Fortify Mobile App and API Security Against AI-Driven Threats

Pwn2Own Ireland 2025: $1M WhatsApp Exploit Bounty Raises the Stakes

Nvidia Triton Inference Server Vulnerabilities Expose AI Infrastructure to Attack

CISA & FEMA Release $100M in Cybersecurity Grants to Strengthen State, Local, and Tribal Defenses

AI Jailbreaks on the Rise: How Hackers Are Extracting Training Data from LLMs

350,000 Patient Records Exposed: Inside the Northwest Radiologists Data Breach

Critical Honeywell Experion PKS Vulnerabilities Threaten Global Industrial Control Systems

Auto-Color Linux Malware Exploits SAP Zero-Day CVE-2025-31324

Inside the July 2025 PyPI Phishing Scam: How Hackers Stole Developer Credentials

IoT Security Crisis: Dahua Smart Camera Vulnerabilities Expose Surveillance Systems

Dropzone AI Secures $37M to Tackle Alert Fatigue with Autonomous SOC Analysts

Axonius Buys Cynerio for $100M+: Closing Healthcare’s Biggest Cybersecurity Blind Spot

Critical Lenovo Firmware Flaws Expose Millions to Persistent UEFI Attacks

Promptfoo Secures $18.4M to Combat AI Security Threats in Generative AI

1.1 Million Private Messages Leaked: Inside the Tea App Privacy Disaster

Job Scams, Corporate Espionage, and Digital Deception: Inside the Deepfake Crisis

Microsoft Exposes Major macOS Flaws in Transparency, Consent, and Control

Aeroflot in Chaos: How Hackers Crippled Russia’s Flagship Airline

Neferpitou Claims Cyberattack on French Naval Defense Giant

Root Evidence Launches With $12.5M to Redefine Vulnerability Management

NASCAR Hit by Medusa Ransomware: 1TB of Data Stolen in April 2025 Cyberattack

Scattered Spider Strikes Again: Inside the VMware ESXi Ransomware Tactics

Koske Malware Hides in Panda Images, Weaponizes AI to Target Linux

Operation Checkmate: BlackSuit Ransomware’s Dark Web Sites Seized

Coyote Malware Exploits Microsoft UI Automation in First-Ever Wild Attack

No Fix Coming: Remote Code Execution Flaw in 1,300 LG Security Cameras

ToolShell Exploited: China-Linked Hackers Breach NNSA and U.S. Government Networks

Massive NPM Breach: Malicious Packages Spread via Compromised Maintainer Accounts

Clorox Sues Cognizant Over $356M Cyberattack: Who's Really to Blame?

HeroDevs Secures $125M to Extend Life of Critical Open Source Software

UK Moves to Ban Ransomware Payments for Public Sector and Critical Infrastructure

New SysAid Vulnerabilities Added to CISA’s KEV List: XXE Flaws Could Enable RCE

Lumma Stealer Returns: Malware-as-a-Service Resurges After Global Takedown

Cisco ISE Critical Flaws Now Actively Exploited: No Workarounds, Just Root Access

ToolShell: SharePoint Zero-Day Chain Gives Hackers Full Remote Access

CVE-2025-54309: CrushFTP Zero-Day Exploited in Global Admin Access Attacks

Dell Breach by World Leaks: Extortion Attempt Hits Demo Platform

Critical VPN Vulnerability: ExpressVPN Exposed IPs via RDP Misrouting

Dior Data Breach Exposes U.S. Customer Info in LVMH Vendor Attack

StrongestLayer Raises $5.2M to Fight AI-Powered Phishing with TRACE

750,000 Records Exposed: Inside the TADTS Data Breach by BianLian

SS7 Is Still Broken: How Surveillance Firms Are Bypassing Telco Defenses

The UNFI Cyberattack: How Hackers Disrupted the U.S. Food Supply Chain

Zuckerberg on Trial: The $8 Billion Data Privacy Reckoning

Operation Eastwood: Inside the Takedown of NoName057(16)