On November 21, 2025, the ransomware group DragonForce launched a targeted cyberattack against Emirates Integrated Telecommunications Company (du.ae), a major telecom operator in the UAE. The group publicly claimed responsibility and threatened to leak sensitive company data unless ransom negotiations were initiated. The attack posed a severe risk of exfiltrated corporate and customer data, potentially including financial records, proprietary telecom infrastructure details, and personally identifiable information (PII). Given du.ae’s critical role in the UAE’s digital infrastructure, the breach could disrupt national communication services, erode customer trust, and trigger regulatory penalties for data protection failures. The incident also highlighted vulnerabilities in third-party supply chains and employee credential security, as attackers likely exploited phishing or dark web-sourced credentials. While the full scope of the leak remains undisclosed, the threat of public data exposure and operational downtime places the company at risk of reputational damage, financial losses, and potential legal repercussions if customer or employee data is compromised.
Source: https://www.dexpose.io/dragonforce-ransomware-attack-on-du-telecom/
du cybersecurity rating report: https://www.rankiteo.com/company/du
"id": "DU1182011112325",
"linkid": "du",
"type": "Ransomware",
"date": "11/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'telecommunications',
'location': {'city': None,
'country': 'United Arab Emirates (UAE)',
'region': None},
'name': 'Emirates Integrated Telecommunications '
'Company P.J.S.C.',
'type': 'private (publicly traded)'}],
'data_breach': {'data_exfiltration': 'threatened (not yet confirmed)'},
'date_publicly_disclosed': '2025-11-21',
'description': 'On November 21, 2025, the ransomware group DragonForce '
'publicly claimed responsibility for a cyberattack against '
'Emirates Integrated Telecommunications Company P.J.S.C. '
'(du.ae), a leading telecom operator in the UAE. The group '
'threatened to release sensitive data unless the company '
'engages in negotiations.',
'impact': {'brand_reputation_impact': 'high (potential data leak threat)'},
'investigation_status': 'ongoing (threat actor issued public statement; no '
'confirmation of data leak yet)',
'motivation': 'financial (ransom demand)',
'ransomware': {'data_exfiltration': 'threatened (public leak if no '
'negotiation)'},
'recommendations': ['Monitor dark web/infostealer activity in real-time '
'(e.g., DeXpose).',
'Conduct immediate compromise assessments to identify '
'infiltration vectors and persistence mechanisms.',
'Validate backups (ensure offline, encrypted, immutable '
'storage).',
'Integrate threat intelligence feeds (IOCs) into SIEM/XDR '
'for real-time alerting.',
'Harden defenses: enforce MFA, run phishing simulations, '
'and secure credentials.',
'Engage cybersecurity incident response experts and legal '
'counsel before interacting with threat actors.'],
'references': [{'date_accessed': '2025-11-21',
'source': 'DeXpose Threat Intelligence Report'}],
'response': {'enhanced_monitoring': 'dark web/infostealer monitoring '
'(DeXpose)',
'remediation_measures': ['monitor dark web/infostealer activity '
'(DeXpose platform)',
'conduct compromise assessment '
'(incident review)',
'validate backups (ensure encryption, '
'offline/immutable storage)',
'apply threat intelligence (integrate '
'IOCs into SIEM/XDR)',
'harden employee defenses (phishing '
'simulations, enforce MFA)',
'engage professional response teams '
'(cybersecurity, legal)']},
'threat_actor': 'DragonForce',
'title': 'Ransomware Attack on Emirates Integrated Telecommunications Company '
'(du.ae) by DragonForce',
'type': 'ransomware'}