In a dramatic farewell letter filled with poetry and mockery, a notorious hacker conglomerate known as the ‘Trinity of Chaos’ announced their retirement. “Our objectives having been fulfilled, it is now time to say goodbye,” they wrote, with some members off to “enjoy our golden parachutes with the millions the group accumulated.” However, cybersecurity analysts warn that despite their September farewell, the group’s hallmark hacking techniques have resurfaced in recent attacks, suggesting they may still be active.
Dubbed a “supergroup” of young cybercriminals, the Trinity of Chaos may be embarking on a reunion tour, or perhaps they never truly left. This group, comprising LAPSUS$, ShinyHunters, and Scattered Spider, has targeted major global organizations, including Qantas, Allianz Life, Adidas, and Google, revealing vulnerabilities in Fortune 100 companies and government agencies.
The Digital Natives Taking on Fortune 100s
According to a report by cybersecurity firm Resecurity, the Trinity of Chaos has been responsible for high-profile cyberattacks, including a significant breach at Qantas in July 2025 that exposed over 6 million customers. Marks & Spencer, another victim, faced disruptions in April 2025, leading to a projected £300 million hit to its profits. These incidents highlight the group’s ability to exploit weaknesses in major corporations.
David Tuffley, a cybersecurity expert from Griffith University, likens the Trinity of Chaos to a rock band “supergroup,” where each member brings unique strengths to the table. Despite their youthful demeanor, their impact is anything but juvenile. “There have been 91 victims in total claimed by the group,” Dr. Tuffley noted.
A Set of Signature Tactics
The Trinity of Chaos is known for their adept use of social engineering techniques, which exploit human vulnerabilities to gain access to networks. This includes tactics like vishing (voice phishing) and impersonating IT staff. Jennifer Medbury, a lecturer in intelligence and security at Edith Cowan University, explains, “Social engineering is quite interesting because it’s sort of this umbrella term for getting people to do things that they wouldn’t necessarily do.”
Recent attacks on Qantas and Marks & Spencer involved hackers tricking call center employees into revealing passwords or authentication codes. The use of deepfakes and generative AI to clone voices has made these tactics harder to detect, allowing cybercriminals to operate at a larger scale.
Making Big Companies Sweat
Focusing on data theft, the group extorts victims by threatening to leak stolen information. Resecurity’s report notes that the collective has gamified data leaks, using public polls to decide which victim’s data to release next, maximizing psychological impact and publicity.
Dr. Tuffley emphasizes the leverage hackers gain by targeting high-profile companies. “If they present a threat to Qantas management that addresses that fear of loss of reputation and loss of trust, then that’s very powerful leverage,” he said. In response, Qantas has strengthened its security measures and increased employee training.
Getting Ahead of the Hackers
Despite a few arrests, the Trinity of Chaos remains a formidable threat. Their retirement letter, Dr. Tuffley suggests, is likely a ruse to lull companies into a false sense of security. “I think they’re trying to lull people into that false sense of security, but what they always seem to do is regroup,” he said.
Resecurity reports ongoing attacks linked to Scattered Spider, indicating the group continues to operate discreetly. Dr. Tuffley advises companies to adopt “phishing resistant multi-factor authentication” and a zero-trust architecture to mitigate risks. “You make sure that your entire supply chain upstream and downstream are secure,” he added, emphasizing the importance of comprehensive security measures.
As the Trinity of Chaos continues to challenge major corporations, the cybersecurity landscape must evolve to counteract these increasingly sophisticated threats. With vigilance and innovation, organizations can hope to stay one step ahead of these digital adversaries.
