# DragonForce's Exploited Vulnerabilities
> [!NOTE]
> This is the list of vulnerabilities that have been observed during intrusions that lead to DragonForce ransomware deployment or data exfiltration and leaks published to DragonForce's Tor Site

### `Pulse Secure / Ivanti`
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| Ivanti Connect Secure | CVE-2024-21893 | DragonForce | [trendmicro.com](https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-dragonforce) |
| Ivanti Connect Secure | CVE-2024-21887 | DragonForce | [trendmicro.com](https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-dragonforce) |
| Ivanti Connect Secure | CVE-2023-46805 | DragonForce | [trendmicro.com](https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-dragonforce) |

### `Fortinet`
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| FortiOS & FortiProxy | CVE-2024-21762 | DragonForce | [ccb.belgium.be](https://ccb.belgium.be/open-media/1275/download?inline) |
| FortiOS & FortiProxy | CVE-2024-55591 | DragonForce | [ccb.belgium.be](https://ccb.belgium.be/open-media/1275/download?inline) |

### `SonicWall`
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| SonicOS SSL-VPN | CVE-2024-40766 | DragonForce | [ccb.belgium.be](https://ccb.belgium.be/open-media/1275/download?inline) |

### `Windows`
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| SmartScreen | CVE-2024-21412 | DragonForce | [trendmicro.com](https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-dragonforce) |

### `Apache`
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| Log4j | CVE-2021-44228 ("Log4Shell") | DragonForce | [trendmicro.com](https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-dragonforce) |

### `SimpleHelp`
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| SimpleHelp RMM | CVE-2024-57727 & CVE-2024-57728 | DragonForce | [sophos.com](https://news.sophos.com/en-us/2025/05/27/dragonforce-actors-target-simplehelp-vulnerabilities-to-attack-msp-customers/) |

---

#### Sources
| Date Published | Report |
|---|---|
| 27 May 2025 | https://news.sophos.com/en-us/2025/05/27/dragonforce-actors-target-simplehelp-vulnerabilities-to-attack-msp-customers/ |
| 29 October 2025 | https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-dragonforce |
| 29 April 2026 | https://ccb.belgium.be/open-media/1275/download?inline |