Active ransomware operator
← All groupschaos
69 victims indexed · first seen 1 year ago · last activity 16 hours ago
At a glance
- Status
- active
- First seen
- 1 year ago
- Last activity
- 16 hours ago
- Onion sites
- 1 known endpoint
- Primary sector
- Technology · 12 hits
About
References
5 linksExternal sources curated by the MISP threat-intel community.
- ransomlook.io/group/chaos
- broadcom.com/support/security-center/protection-bulletin/chaos-ransomware-group-surfaces-with-aggressive-tactics
- cyble.com/blog/top-ransomware-groups-june-2025-qilin-top-spot-
- infosecurity-magazine.com/news/chaos-ransomware-wave-attacks/
- bleepingcomputer.com/news/security/chaos-ransomware-hits-optima-tax-relief-leaks-69gb-data/
Timeline
12 monthsTop countries
Top sectors
MITRE ATT&CK
3 techniques · 3 tacticsTactics
Recent victims
Loading…
Onion infrastructure
1 known- http://hptqq2o2qjva7lcaaq67w36jihzivkaitkexorauw7b2yul2z6zozpqd.onion
Source
Updated 16 hours agoData on this page is sourced from the group's own leak posts, cross-checked with public ransomware trackers (RansomLook, ransomware.live, RansomWatch), MITRE ATT&CK, and our own Tor and Telegram crawlers. This is a public observatory page — share freely.
Get alerted the next time chaos posts a victim.
Add chaos to your watchlist — Pro pings you within 5 minutes of any new chaos leak-site post, Telegram callout, or affiliate-rebrand inference.

