Trinity of Chaos Hits 39 Giants, Leaks PII, Threatens 1.5B Records
Cybercriminals known as the 'Trinity of Chaos' have struck again, this time targeting 39 prominent companies, including Aeromexico, Air France, Google, and Cisco. The group has leaked substantial amounts of sensitive data, including personally identifiable information (PII), and threatens to expose over 1.5 billion records if ransoms are not paid.
The group, associated with Lapsus$, Scattered Spider, and ShinyHunters, has launched a data leak site on the Tor network. The compromised data was obtained through various methods, including vishing attacks and stolen OAuth tokens. The 'Trinity of Chaos' has shifted towards traditional ransomware tactics, exploiting vulnerabilities in Salesforce instances and other systems.
The FBI has issued a flash warning, advising organizations to monitor their Salesforce environments for signs of infiltration. Despite claims of retirement, the group continues to conduct coordinated hacks and extortion operations. The full extent of compromised data across various sectors is still emerging, with new victims and incidents coming to light. The group has publicly announced the 39 affected companies on its data leak site, with no new victims disclosed beyond this list in the months before and after October 10, 2025.
The compromised data may be exploited for malicious purposes, including harmful AI applications and targeted phishing campaigns. Organizations are urged to enhance their cybersecurity measures and remain vigilant against evolving threats. The author of this article, Pierluigi Paganini, can be followed on Twitter at @securityaffairs for further updates on cybersecurity news and trends.