Cybercrime Cartels: The Alliances Threatening Global Security

Written by Zoilijee Quero | Oct 13, 2025 5:40:16 PM

Hacker groups that once competed are now forming global alliances to share infrastructure, tools, and stolen data. This collaboration—likened by experts to drug cartels—is reshaping the cybersecurity landscape.

At TecnetOne, we break down how these digital cartels operate, which groups are involved, and how you can defend your organization against threats that now act in networks, not alone.

 

From Rivals to Partners: How Cybercrime Evolved

 

For years, ransomware gangs fought for fame and profit. But pressure from law enforcement and global crackdowns forced them to unite.

Now, these groups don’t just share tools or servers—they plan joint attacks, split ransoms, and refine extortion methods. Like multinational corporations, they operate with efficiency and scale.

The latest proof is the ransomware cartel announced on a dark web forum on October 8, involving LockBit, Qilin, and DragonForce.

Their motto?

“United for the future of our field.”

 

LockBit, Qilin & DragonForce: The Ransomware Cartel

 

This new cartel blends experience, global reach, and technical sophistication:

 

  1. LockBit: The world’s largest RaaS (Ransomware-as-a-Service) provider. Though disrupted by law enforcement in 2024, it has returned stronger with LockBit 5.0.
  2. Qilin: Known for its recent attack on Asahi Breweries and notorious for effective and aggressive campaigns.
  3. DragonForce: Offers “white-label” ransomware, enabling others to deploy its tech under different names. It acts as the cartel’s enabler, providing support and distribution.

 

Together, they improve encryption, data theft, and double extortion tactics—forcing victims to pay twice: once to recover systems, and again to prevent public leaks.

This mirrors the infamous LockBit-Maze alliance of 2020, which redefined ransomware operations.

 

 

Crimson Collective: Organized Cybercrime Returns

 

Ransomware isn’t the only form of cartel behavior. The rising Crimson Collective shows just how dangerous criminal collaboration can be.

They made headlines after breaching Red Hat Consulting, stealing 570+ GB of data and 28,000 code repositories with tokens and credentials from 5,000+ companies.

The group now operates under the Scattered Lapsus$ Hunters portal—a fusion of Scattered Spider, Lapsus$, and Shiny Hunters, previously believed to be dismantled.

They mix social engineering and cloud-based attacks, using vishing (fake employee calls) and leaked credentials for platforms like AWS and Salesforce.

Their message on the dark web was clear:

“We prefer direct extortion. We don’t need ransomware to cause damage.”

This lowers risk and speeds up attacks, giving victims less time to respond.

 

Digital Cartels: Cooperation in the Shadows

 

Alliances like those between LockBit, Qilin, DragonForce, and Crimson Collective have changed the game:

 

  1. These aren’t small gangs anymore, but global networks of cybercrime.
  2. They share infrastructure, exchange exploit data, subcontract specialists, and monetize attacks via joint platforms.

 

This creates a multiplying effect:

 

  1. One attack can cascade across multiple victims.
  2. Ransoms are coordinated by multiple actors.
  3. Response times shrink—stopping them in time becomes nearly impossible.

 

Cybercrime is now organized, efficient, and scalable.

 

Business & Government Impact

 

The consequences go far beyond ransom payments:

 

  1. Loss of client and partner trust
  2. Supply chain-wide data leaks
  3. Legal penalties for poor data protection
  4. Reputational damage that can last years

 

Cases like Asahi Breweries and Red Hat show that no one is safe—not tech giants or industrial powerhouses.

Each data leak becomes fuel for future attacks.

 

 

What You Can Do Against Cybercrime Cartels

 

At TecnetOne, we believe the only way to defeat organized attackers is through organized defense.

Here’s what your company should do now:

 

  1. Strengthen authentication
    Use device-based certificates and multi-factor authentication (MFA) everywhere.

  2. Tighten credential policies
    Implement IAM policies to ban long-term or shared passwords.

  3. Scan code & environments
    Use tools to detect leaked tokens or secrets in repos like GitHub or GitLab.

  4. Limit remote access
    Allow logins only from trusted IPs and block unnecessary exposed ports, especially RDP.

  5. Patch quickly
    Cartels exploit known vulnerabilities. Keep everything up to date—servers, endpoints, apps.

  6. Promote threat intelligence sharing
    Join threat intel networks and share IoCs (Indicators of Compromise) with industry peers.

  7. Train your team
    Social engineering remains the top entry point. Education is prevention.

 

Cooperate to Survive

 

The message is simple: cybercriminals collaborate because it works.

Businesses must adopt the same logic—stop working in silos, start sharing knowledge, and build collective resilience.

At TecnetOne, we believe modern cybersecurity is a shared effort.

It’s not just about tools, but about a community that learns, reacts, and grows together.

 

Conclusion: A New Era of Organized Cybercrime

 

The rise of cybercrime cartels marks a turning point in digital security.

Borders are blurred—between groups, nations, and attack methods.

In response, businesses must adopt a comprehensive and collaborative strategy: anticipate, respond fast, and build alliances.

Because if cybercriminals act like cartels, cyberdefense must do the same.