The TIDE: Threat-Informed Defense Education (Qilin, RansomHub, BlackSuit)

This is our second installment of The TIDE, which is your guide to all things Threat-Informed Defense—at least in terms of what my Adversary Intelligence Team works on and provides to our customers weekly. Last week I wrote about the work that the Tidal CTI team did around Moonstone Sleet and the law enforcement activity around DarkGate, SocGholish, and DiceLoader. From a defensive standpoint, Tidal released newly modeled products for our Enterprise users to model different solutions, ensuring they got a basic understanding of what their capabilities could do to help their MITRE ATT&CK® coverage.  

As we always note, we have both our Community and Enterprise editions because everyone deserves to stay up to date with the most recent adversary activity and know what solutions exist to defend against them. Our Enterprise customers can do coverage mapping and defensive stack optimization, which is where the platform scales, but we focus on bringing value all around. 

Here is this week’s The TIDE:

Threat Highlights 

• Qilin Ransomware: A major ransomware attack on a technology service provider, which caused widespread disruptions at London hospitals, was attributed to Qilin Ransomware. We released a software object for Qilin in March and the team added more technique relationships this week—an Enterprise Edition customer exclusive. Qilin has targeted victims in a wide range of sectors and is behind multiple earlier high-profile attacks (a media conglomerate, major auto parts supplier, Australian court services). Qilin appeared in the Tidal-curated Major & Emerging Ransomware and Extortion Threats threat profile after the number of claimed attacks spiked in February.  

• This week, we also released our monthly update for the above mentioned threat profile, which features Qilin again, as well as new objects for emerging threats teams may want to keep on their radars: RansomHub and BlackSuit

If you're a Community user or new to us and want to get your hands on the object we built for Qilin, you can email us and we’ll schedule a time to get you started.