Scattered Spider, DragonForce Ransomware, Play Ransomware Operation, Qilin Ransomware, “AI Threats” Tag collection
Threat Content Highlights
Threat Objects & Profiles
Threat Objects, Tags, & Profiles
- Technique & Tool relationships update for Scattered Spider following the latest update to Unit 42’s long-running “threat assessment” report on the group
- We also updated our “Scattered Spider Ecosystem” curated Threat Profile with this new intelligence, and made it the focus of our “Trending & Emerging Threats” curated Threat Profile weekly update. Recent news reporting suggested that elements of Scattered Spider remain active and have been linked to a DragonForce ransomware attack on a UK retailer, although the level of direct collaboration between alleged Scattered Spider and DragonForce actors remains unclear.
- Technique & Tool relationships update for the Play ransomware operation, following a new update to CISA’s advisory around the group (originally published December 2023)
- We also added a net-new Playcrypt ESXi Software object based on intel from the updated advisory
- Added a UNC6040 object following recent reporting that highlighted the group’s use of voice phishing to socially engineer access into victim environments. We’ve highlighted this trending attack vector multiple times in past weeks’ updates.
- Updated our Qilin ransomware content following news of new CVE exploit activity linked to this operation
- Three Groups (APT5, Ke3chang, Magic Hound) newly added to our “AI Threats” Tag collection following two recent reports