DragonForce, a ransomware-as-a-service group active since 2023, has rebranded as a cartel and formed alliances with groups like Scattered Spider, LAPSUS$, and ShinyHunters. The group uses Conti-derived code and employs BYOVD attacks to terminate processes. DragonForce has expanded its affiliate program, allowing partners to white-label payloads and create variants. The group has exposed over 200 victims on its leak site, targeting various sectors. DragonForce's partnership with Scattered Spider, known for sophisticated social engineering techniques, has led to high-profile breaches. The group's ransomware samples show significant overlap with Conti's leaked source files and use ChaCha20 encryption.