Cyber extortion infographic: Hacker collective "Trinity of Chaos" icons (Muddled Libra, Bling Libra, LAPSUS$) with 1B Salesforce records flowing to dark web DLS site; timeline of October 3 launch and FBI October 9 seizure, fraud arrows to retail/hospitali

The cybercriminal group Scattered Lapsus$ Hunters (SLSH or SP1D3R HUNTERS), dubbed the "Trinity of Chaos" from Muddled Libra (Scattered Spider), Bling Libra (ShinyHunters), and LAPSUS$, has claimed stealing over 1 billion Salesforce records in two extortion campaigns. Part of the "The Com" network, Bling Libra leads this shift from data sales to direct extortion since 2020, targeting retail and hospitality via Salesforce customer tenants for sensitive info like customer data.

Cyber extortion infographic: Hacker collective "Trinity of Chaos" icons (Muddled Libra, Bling Libra, LAPSUS$) with 1B Salesforce records flowing to dark web DLS site; timeline of October 3 launch and FBI October 9 seizure, fraud arrows to retail/hospitaliCyber extortion infographic: Hacker collective "Trinity of Chaos" icons (Muddled Libra, Bling Libra, LAPSUS$) with 1B Salesforce records flowing to dark web DLS site; timeline of October 3 launch and FBI October 9 seizure, fraud arrows to retail/hospitali

On October 3, 2025, they launched a data leak site (DLS) on a BreachForums domain, listing 39 global organizations with an October 10 ransom deadline. Using an extortion-as-a-service (EaaS) model (25-30% cut), they recruit via Telegram for executive emails. They even targeted Salesforce, but the company refused payment. The FBI seized BreachForums domains on October 9, prompting threats of data dumps.

Cyber extortion infographic: Hacker collective "Trinity of Chaos" icons (Muddled Libra, Bling Libra, LAPSUS$) with 1B Salesforce records flowing to dark web DLS site; timeline of October 3 launch and FBI October 9 seizure, fraud arrows to retail/hospitaliCyber extortion infographic: Hacker collective "Trinity of Chaos" icons (Muddled Libra, Bling Libra, LAPSUS$) with 1B Salesforce records flowing to dark web DLS site; timeline of October 3 launch and FBI October 9 seizure, fraud arrows to retail/hospitali

Collaborator Crimson Collective breached Red Hat on October 1, exfiltrating 570 GB from 28,000 repos, including customer reports. Risks include identity theft, fraud (e.g., gift cards in retail, loyalty points in hospitality), and eroded trust. EaaS evades ransomware crackdowns. Mitigate with credential scanning, zero trust, conditional access, and ISAC intelligence for proactive defense.
 
 
NPAV offers a robust solution to combat cyber fraud. Protect yourself with our top-tier security product, Z Plus Security