Scattered Spider, ShinyHunters Restructure – New Attacks Underway 



Pierluigi Paganini
September 30, 2025

Resecurity warns the “Trinity of Chaos” (LAPSUS$, ShinyHunters, Scattered Spider) is driving a global cybercrime wave, with major breaches undisclosed.

A new Resecurity report has uncovered a rapidly unfolding—and potentially much larger—global cybercrime campaign led by the notorious alliance of LAPSUS$, ShinyHunters, and Scattered Spider. Contrary to recent claims of “retirement,” the so-called “Trinity of Chaos” continues to conduct coordinated hacks and extortion operations against leading enterprises, with multiple major data breaches yet to be disclosed to the public. This timely report highlights a surge of private extortion attempts, signaling that the true blast radius of these threat actors may far exceed what has so far come to light.

Resecurity analysts warn that only now are new victims and incidents coming to the surface. With confidential extortion activity ongoing—and the group leveraging its notoriety to coerce companies into silence—the full extent of compromised data across the Fortune 100, financial services, technology, aviation, retail, and auto sectors is just beginning to emerge.

This is a developing story, with ongoing attacks and fresh evidence challenging prior assumptions about the scope and impact of these Gen Z adversaries. Journalists tracking the cybercrime landscape—especially those following the infamous Qantas, JLR, AT&T, and Salesforce incidents—will find this latest Resecurity analysis a crucial resource on the evolving threat and what’s likely still lurking below the surface.

The UK’s Cyber Monitoring Centre (CMC) labels Marks & Spencer and Co-op cyberattacks a Category 2 event, estimating financial impact at £270M–£440M. The government has also announced a £1.5 billion ($2 billion) loan guarantee for Jaguar Land Rover (JLR) in response to the highly disruptive cyberattack that recently hit the carmaker.

The Guardian reported that JLR, which is owned by Tata Group, has outsourced cybersecurity and other IT services to Tata Consultancy Services (TCS), which also works with Marks & Spencer and Co-op, both believed to have been targeted by Scattered Spider, the same cybercrime group that has taken credit for the attack on JLR.


(SecurityAffairs – hacking, Scattered Spider)






