DRAGONFORCE Ransomware Group Lists Tricon Infotech as Victim on Dark Web Leak Site

Tricon Infotech, an international IT services company, has been added to the dark web leak site operated by the DRAGONFORCE ransomware group, signaling a significant cybersecurity incident affecting the technology services sector. The listing, published on the threat actor's dark web infrastructure and referenced across open-source intelligence channels, marks Tricon Infotech as the latest victim in a campaign that has targeted multiple organizations across industries. The timing and scope of the attack remain under scrutiny as investigators assess the full extent of the compromise.

DRAGONFORCE, a ransomware-as-a-service operation known for employing double-extortion tactics, typically threatens to publish exfiltrated data if ransom demands go unmet. The group has been active in recent months, leveraging vulnerabilities in enterprise systems and supply chain interfaces to gain initial access. Tricon Infotech's position as a provider of technology services raises concerns about potential exposure of client data, project assets, or internal communications held within the company's infrastructure.

The incident adds to a pattern of ransomware activity targeting technology and IT service providers, which serve as high-value targets due to their access to multiple client environments. Cybersecurity researchers tracking DRAGONFORCE operations note that the group's leak site has listed multiple victims in recent weeks, suggesting an active extortion campaign. Organizations operating in the technology sector are advised to review endpoint detection, access controls, and backup integrity as defensive priorities.