DragonForce and Qilin Ransomware Groups Claim New Victims Including Momenta and Cemoi in Latest Dark Web Activity Reports: Dark Web recent claims + Video

Listen to this Post

Featured ImageIntroduction: A New Wave of Ransomware Claims Raises Cybersecurity Concerns

Ransomware groups continue to expand their operations in 2026, targeting organizations across technology, manufacturing, and other critical industries. Recent threat intelligence monitoring has identified new alleged victims linked to two of the most active ransomware operations today: DragonForce and Qilin.

According to reports shared by the ThreatMon Threat Intelligence Team, the DragonForce ransomware group allegedly added Momenta, a Chinese physical artificial intelligence company, to its victim list, while the Qilin ransomware operation reportedly claimed responsibility for an attack against Cemoi, a company known in the food manufacturing sector.

At this stage, these incidents remain claims made by ransomware actors or threat intelligence monitoring sources, and there is no independent confirmation from the affected organizations. However, the appearance of these names in ransomware leak ecosystems highlights the continued pressure businesses face from increasingly aggressive cybercriminal groups.

DragonForce Ransomware Allegedly Targets Momenta, a Leading Physical AI Company
Threat Actors Add Momenta to Alleged Victim List

The DragonForce ransomware group has reportedly listed Momenta, a company specializing in physical artificial intelligence technologies, as a new victim. The claim was identified through dark web ransomware activity monitoring conducted by the ThreatMon Threat Intelligence Team.

Momenta describes itself as a company focused on advancing physical AI through two major approaches: mass production and scalable robotics. The organization develops AI-driven systems designed to connect real-world environments with intelligent automation technologies.

If the ransomware claim is later confirmed, the incident could represent a significant concern because companies operating in AI and robotics sectors often handle valuable intellectual property, research data, engineering documents, and proprietary algorithms.

Why an AI Company Could Become a Valuable Ransomware Target
Intellectual Property Has Become a Major Cybercrime Target

Cybercriminal groups are increasingly targeting technology companies because stolen information can have significant underground value. While ransomware traditionally focused on encrypting systems and demanding payment, modern ransomware operations often prioritize data theft.

For companies involved in artificial intelligence, attackers may attempt to steal:

Research documents

Source code repositories

Internal development information

Customer-related information

Engineering designs

Business strategies

Even when systems are restored without paying a ransom, leaked confidential data can create long-term damage through competitive exposure, regulatory consequences, and reputational harm.

DragonForce Continues Expanding Its Ransomware Campaign

A Growing Threat Landscape

DragonForce has become one of the ransomware groups frequently appearing in threat intelligence reports. Like many modern ransomware operations, the group operates using a double-extortion strategy.

This approach involves:

Gaining unauthorized access to company networks.

Stealing sensitive information.

Encrypting systems or threatening disruption.

Publishing stolen data if victims refuse payment.

The group’s activity demonstrates how ransomware organizations continue evolving beyond simple malware attacks into organized criminal businesses.

Qilin Ransomware Allegedly Claims Cemoi as Another Victim

Second Ransomware Claim Emerges From Threat Monitoring

In a separate report, the Qilin ransomware group allegedly added Cemoi to its victim list. The claim was also detected through ransomware activity monitoring by ThreatMon.

Cemoi is recognized as a major company in the chocolate and confectionery industry. A ransomware attack against a food manufacturing organization could potentially affect production operations, supply chain processes, and internal business systems.

However, similar to the Momenta case, there is currently no public confirmation from Cemoi regarding whether a cybersecurity incident occurred.

Qilin’s Reputation as an Active Ransomware Operation

One of the Most Persistent Ransomware Groups

Qilin has become a prominent ransomware name in underground cybercrime ecosystems. The group has targeted organizations across multiple industries and regions, often using data theft as leverage.

The ransomware ecosystem has increasingly shifted toward:

Affiliate-based operations

Data leak pressure campaigns

Initial access brokerage

Customized attacks against large organizations

Groups such as Qilin benefit from this ecosystem by collaborating with other criminals who provide network access or specialized services.

The Growing Business Model Behind Modern Ransomware

Cybercrime Has Become More Professionalized

Modern ransomware groups increasingly operate like illegal technology companies. They maintain infrastructure, recruit affiliates, develop malware tools, and manage negotiation processes.

This criminal economy includes:

Initial access sellers who provide compromised accounts

Malware developers who create ransomware tools

Data brokers who sell stolen information

Negotiation specialists who communicate with victims

The result is a ransomware landscape that is more scalable and dangerous than earlier generations of cyberattacks.

Why These Alleged Attacks Matter for Global Organizations

Businesses Must Prepare for Data Extortion

Even organizations without critical infrastructure can become ransomware targets. Attackers often select victims based on potential financial value, weak security controls, or access to valuable information.

Companies should prioritize:

Multi-factor authentication

Network segmentation

Regular security assessments

Offline backups

Employee security training

Continuous threat monitoring

Cybersecurity is no longer only about preventing malware execution. It is about reducing the impact of inevitable attacks.

Deep Analysis: Understanding the DragonForce and Qilin Threat Activity

Ransomware Groups Are Expanding Beyond Traditional Targets

The alleged targeting of Momenta and Cemoi shows how ransomware groups continue expanding across different industries. Technology companies, manufacturers, healthcare organizations, and financial institutions all remain attractive targets because they possess valuable information and operational dependencies.

AI Companies Face New Cyber Risks

Artificial intelligence companies represent a particularly valuable target category. AI systems depend heavily on data, research, and proprietary models. A successful breach could expose years of development work and provide competitors or criminals with highly valuable information.

Data Theft Has Become the Main Weapon

Encryption alone is no longer the primary ransomware threat. Criminal groups understand that companies may recover from encrypted systems through backups. However, stolen data creates additional pressure because organizations fear public exposure.

Dark Web Claims Require Careful Verification

Ransomware groups frequently publish victim claims before releasing evidence. Some claims are exaggerated, outdated, or completely false. Security researchers and organizations must verify incidents before making conclusions.

Threat Intelligence Plays a Critical Role

Monitoring ransomware leak sites and underground forums allows security teams to identify potential threats earlier. Intelligence platforms can help organizations discover whether their names appear in criminal discussions.

DragonForce Shows the Evolution of Ransomware Operations

DragonForce represents the newer generation of ransomware groups that combine technical attacks with psychological pressure. Their goal is not only to disrupt systems but also to create reputational and financial consequences.

Qilin Remains a Persistent Global Threat

Qilin’s continued appearance in ransomware monitoring reports shows that the group remains active and capable of targeting organizations in multiple sectors.

Supply Chains Increase Risk Exposure

Companies connected through suppliers, partners, and software platforms may become indirect targets. Attackers increasingly search for the weakest link in a business ecosystem.

Organizations Need Faster Detection

Traditional security approaches are often too slow against ransomware campaigns. Early detection of suspicious activity can prevent attackers from reaching critical systems.

Backup Strategies Remain Essential

Reliable backups continue to be one of the strongest defenses against ransomware. However, backups must be protected because attackers increasingly attempt to destroy recovery options.

Cybersecurity Investment Is Becoming a Business Requirement

Companies now view cybersecurity as part of operational resilience. A major breach can affect customers, investors, employees, and business continuity.

What Undercode Say: Deep Analysis

Ransomware Claims Reflect a Constant Cyber Conflict

The latest DragonForce and Qilin victim claims highlight a continuing battle between organizations attempting to secure their networks and criminal groups searching for weaknesses.

Not Every Claim Represents a Confirmed Breach

The cybersecurity community must separate ransomware announcements from verified incidents. Criminal groups have financial incentives to exaggerate their success.

AI Companies Are Becoming Strategic Targets

As artificial intelligence becomes more important globally, companies developing AI technologies will likely face increasing attacks because their information has high economic value.

Cybercriminal Groups Follow Market Opportunities

Ransomware actors often choose victims based on profitability. Industries holding valuable data or facing operational pressure are especially attractive.

Double Extortion Remains the Dominant Strategy

The combination of encryption and data leaks continues to give attackers stronger negotiation power against victims.

Security Awareness Must Continue Improving

Employees remain a major entry point for attackers through phishing, stolen credentials, and social engineering.

Threat Intelligence Provides Early Warning

Organizations that monitor ransomware activity can sometimes detect risks before attacks become public incidents.

Ransomware Has Become a Long-Term Business Threat

Companies cannot treat ransomware as a temporary cybersecurity problem. It has become a permanent challenge requiring continuous investment.

✅ DragonForce and Qilin ransomware groups are known ransomware operations: Both groups have appeared in multiple cybersecurity reports and threat intelligence monitoring activities.

❌ Momenta and Cemoi breaches are not publicly confirmed: Current information comes from ransomware activity reports and attacker claims, not verified statements from the organizations.

✅ Modern ransomware frequently uses data theft and extortion tactics: Cybersecurity research confirms that attackers increasingly combine encryption with stolen-data threats.

Prediction

(+1) Positive Prediction

Organizations will continue improving ransomware defenses through stronger identity protection, better monitoring systems, and increased cybersecurity investments. More companies are adopting proactive security strategies that can reduce the impact of future attacks.

(-1) Negative Prediction

Ransomware groups will likely continue targeting AI companies, manufacturers, and technology organizations because valuable data and operational disruption create strong financial incentives for attackers.

(+1) Positive Prediction

Greater cooperation between cybersecurity companies, governments, and private organizations may improve ransomware tracking and help disrupt criminal networks.

(-1) Negative Prediction

The ransomware economy is expected to remain active as long as attackers can monetize stolen information through underground markets and extortion campaigns.

▶️ Related Video (64% Match):

🕵️‍📝Let’s dive deep and fact‑check.

🎓 Live Courses & Certifications:

Join Undercode Academy for Verified Certifications

🚀 Request a Custom Project:

Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands

References:

Reported By: x.com
Extra Source Hub (Possible Sources for article):
https://www.reddit.com/r/AskReddit
Wikipedia
OpenAi & Undercode AI

Image Source:

Unsplash
Undercode AI DI v2

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeNews & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky | 🐘Mastodon | 📺Youtube