In recent months, threat actors claiming to be part of a new conglomerate dubbed Scattered Lapsus$ Hunters (aka SP1D3R HUNTERS, SLSH) have asserted responsibility for laying siege to customer Salesforce tenants as part of a coordinated effort to steal data and hold it for ransom.
At least one industry source refers to this criminal syndicate as the Trinity of Chaos. “Trinity” is used because the conglomerate is likely composed of individuals tied to three groups: Muddled Libra (aka Scattered Spider), Bling Libra (aka ShinyHunters), and LAPSUS$, all of which are likely representative of the broader cybercriminal community known as The Com.
Read more…
Source: Palo Alto Unit 42
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- CISA and Partners Release Update to Malware Analysis Report BRICKSTORM Backdoor
December 19, 2025
Today, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency, and Canadian Centre for Cyber Security released an update to the Malware Analysis Report BRICKSTORM Backdoor with indicators of compromise (IOCs) and detection signatures for additional BRICKSTORM samples. This update provides information on additional samples, including Rust-based samples. These samples demonstrate advanced persistence and defense ...
- UK Foreign Office was victim of cyberattack
December 19, 2025
The UK Foreign Office was hacked in October, a minister has admitted, raising fears that thousands of confidential documents and data may have been compromised. While ministers are “pretty confident” that visa applicants’ details have not been accessed, they have admitted that they are not confident about the identity of the hacker. Sources told The Sun ...
- FBI: Senior U.S. Officials Continue to be Impersonated in Malicious Messaging Campaign
December 19, 2025
This is an update to Public Service Announcement I-051525-PSA, released May 15, 2025, which can be found here. Activity dating back to 2023 reveals malicious actors have impersonated senior U.S. state government, White House, and Cabinet level officials, as well as members of Congress to target individuals, including officials’ family members and personal acquaintances. If ...
- Police arrest suspect over Microsoft 365 cyber attack
December 19, 2025
The Nigeria Police Force National Cybercrime Centre (NPF-NCCC) has apprehended a suspected cyber fraudster linked to coordinated attacks on Microsoft 365 email platforms used by corporate organisations. The arrest followed an intelligence-led investigation triggered by credible information from Microsoft Corporation in the United States, conveyed through the Federal Bureau of Investigation (FBI). The intelligence exposed the ...
- UK: NHS GP software supplier hit by cyber attack
December 19, 2025
DXS International which provides healthcare technology for the NHS has disclosed a cyber attack, which has led to data being stolen. The UK-based company provides software that helps to reduce costs for doctors and primary care physicians and is used by around 2,000 GPs which oversee the care of around 17 million patients. In a filing ...
- Denmark blames Russia for cyberattacks on water utility and local government websites
December 18, 2025
The Danish government has accused Russia of being behind two “destructive and disruptive” cyber-attacks in what it describes as “very clear evidence” of a hybrid war. The Danish Defence Intelligence Service (DDIS) announced on Thursday that Moscow was behind a cyber-attack on a Danish water utility in 2024 and a series of distributed denial-of-service (DDoS) attacks ...