
In a dramatic farewell letter, a notorious hacker conglomerate known as the ‘Trinity of Chaos’ announced its retirement. The group, which unites some of the most infamous cybercriminal factions, claimed to have achieved its goals and to be ready to “enjoy our golden parachutes with the millions the group accumulated.” However, cybersecurity experts warn that its signature hacking techniques have reappeared in recent cyber attacks, suggesting the group may be staging a comeback.
The announcement comes as cybersecurity analysts continue to observe the distinctive tactics of the ‘Trinity of Chaos’ in new waves of attacks and extortion emails. The group, composed of LAPSUS$, ShinyHunters, and Scattered Spider, has been linked to high-profile breaches involving major corporations such as Qantas, Allianz Life, Adidas, and Google.
The Digital Natives Targeting Fortune 100s
According to a report by cybersecurity firm Resecurity, the ‘Trinity of Chaos’ has exposed vulnerabilities in major Fortune 100 companies and government agencies. The report highlights “connections, tactical overlaps, and even direct collaboration” between the groups, which have intensified their operations against airlines and retail giants since mid-2025.
One of the most significant breaches attributed to the group was the July 2025 attack on Qantas, compromising the data of over 6 million customers. Similarly, Marks & Spencer faced disruptions after a cyber attack linked to the group, resulting in significant financial losses.
Cybersecurity expert David Tuffley from Griffith University likened the group’s collaboration to a rock band “supergroup,” with the member groups capitalizing on each other’s strengths. Despite its youthful composition, the group has demonstrated a sophisticated understanding of cyber tactics.
“There have been 91 victims in total claimed by the group,” Dr. Tuffley noted.
A Set of Signature Tactics
The ‘Trinity of Chaos’ is known for its reliance on social engineering techniques, exploiting human weaknesses to gain unauthorized access. These tactics include vishing, phishing, and impersonation, often targeting call center employees to extract sensitive information.
Sigi Goode, a professor at the Australian National University, emphasized the group’s advanced technical knowledge, noting their digital nativity. Their methods, while not novel, are highly organized and coordinated, and the group leverages its language skills to execute large-scale breaches.
Jennifer Medbury, a lecturer at Edith Cowan University, explained, “Social engineering is quite interesting because it’s sort of this umbrella term for getting people to do things that they wouldn’t necessarily do.”
The group’s use of deepfakes and generative AI to clone voices has further complicated detection efforts, enabling them to conduct attacks on a larger scale without direct human involvement.
Making Big Companies Sweat
Focusing on data theft, the group employs extortion tactics to pressure victims by threatening to release stolen information. Resecurity reports that the group has gamified data leaks, using public polls to decide which victim’s data to release next, maximizing psychological impact.
Dr. Tuffley highlighted the leverage hackers gain by targeting high-profile companies, which are particularly vulnerable to reputational damage. Qantas, for instance, faced significant pressure to address the breach promptly to maintain customer trust.
Qantas stated, “Ensuring continued vigilance and providing ongoing support for our customers remain our top priorities.”
Getting Ahead of the Hackers
Despite a few arrests related to the group, their retirement letter is seen as a strategic ploy. Dr. Tuffley warned that such groups often regroup and continue their operations under the radar.
Resecurity has linked recent attacks on financial services to Scattered Spider, indicating that the group’s activities are far from over. The company suggests that the group has shifted to more discreet operations after establishing credibility through past successes.
Dr. Tuffley advises organizations to adopt “phishing resistant multi-factor authentication” and implement zero-trust architectures to mitigate risks. Training employees and securing supply chains are also crucial steps in fortifying defenses against such sophisticated cyber threats.
“If you do all those things, then you’re going to be pretty right,” Dr. Tuffley concluded.