Ransomware Group: CHAOS

VICTIM NAME: The Salvation Army

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the CHAOS Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to The Salvation Army, a well-known organization providing social services across the United States. The attack was publicly disclosed on May 27, 2025, with the incident having occurred around the same date. The group responsible is identified as “chaos,” a known threat actor. Despite the claim that data will be released soon, no specific or sensitive data has yet been made available. The page includes a screenshot of what appears to be internal documentation or related imagery, which has been provided for reference. The attack’s exact impact in terms of data exfiltration remains unspecified at this stage.

The Salvation Army, established in 1865, operates in the public sector, offering vital social services such as food distribution, disaster relief, assistance for disabled and elderly individuals, homeless support, and programs for underprivileged children. The compromised data does not seem to contain any sensitive personal or PII information at this time, and the size of the data involved is noted as 0 GB, indicating that the extent of data affected may be minimal or not yet disclosed. The leak site provides a link to an onion service for further updates, but no specific details about stolen or leaked information have been confirmed publicly. The incident highlights ongoing cybersecurity risks faced by prominent, mission-driven organizations.