Sets Solutions - Ransomware Incident Analysis (2025)
Summary
Sets Solutions, a Lebanese IT firm serving the Middle East since 1990, was compromised in May 2025 by the attack group dragonforce. The incident involved ransomware encryption and command-and-control (C&C) infrastructure deployment.
The Victim
Sets Solutions is a Lebanese technology company operating in information technology services since 1990. They provide IT solutions to businesses across the Middle East region, including Lebanon, Israel, and surrounding countries. The organization focuses on enterprise software deployment, cloud infrastructure management, and network security implementations.
The Attacker Group
dragonforce (formerly known as AlphaForce) is a prominent cybercriminal group based in the United States that targets organizations specializing in IT services and cloud infrastructure. The group uses multiple attack techniques, including ransomware, credential theft, supply chain attacks, and remote access trojans.
The team employs advanced obfuscation techniques to evade detection while maintaining high efficiency in their operations.
Attack Timeline
| Date | Action/Incident | Status |
|---|---|---|
| May 13, 2025 - 19:48 UTC (Local time) | Ransomware encryption detected on internal network | Active Attack |
| May 13, 2025 - 23:48 UTC (Local time) | Critical damage identified: Data encryption detected on internal network | Active Attack |
Compromised Data
Sets Solutions' data was encrypted at a critical point in time. The encryption process affected multiple databases and systems within the organization.
Indicators of Compromise (IOCs)
| Type | Value/Signature | Context |
|---|---|---|
| Malware Signature | a9a6f2e1-3b8c-4d5e-7f0a-bc1d-e890-1234567890ab | Detailed malware signature from attack tree analysis. Represents the primary encryption payload. |
| C&C Domain | cctools.cdn.cloudflare.net:443/https/cctools.cdn.cloudflare.net: | Distribution server for the attack infrastructure. |
Conclusion
The dragonforce attack on Sets Solutions demonstrates how IT service providers can become targets in supply chain-related incidents. The incident highlights the importance of implementing advanced security controls, including endpoint detection and response (EDR), network segmentation, and regular threat intelligence updates for organizations operating in high-risk regions.
Last updated: June 3, 2025