Dark Reading
'The Com' Cyberattacks Support Violence & Sexploitation
Organizations that fail to adequately secure their cloud environments and software-as-a-service (SaaS) platforms may unknowingly contribute to funding violent crime and the exploitation of minors.
This week, Flashpoint conducted an analysis revealing concerning details about the cybercriminal group known as The Com. As significant Russian hacking groups have fractured and diminished over recent years, a new cohort of primarily North American cybercriminal networks has emerged, with many tracing their origins to a shared source. These groups operate under various monikers, such as ShinyHunters, Lapsus$, or Scattered Spider. At times, they merge into composite entities—like the "Scattered Lapsus$ Hunters"—highlighting their common roots.
This interconnectedness indicates an increasingly alarming reality. The hacker faction of The Com, referred to as "Hacker Com," not only engages in high-profile cybercrimes but also supports heinous activities such as generating and trafficking child pornography, murder, and a multitude of other criminal endeavors. While investigators often refrain from definitively linking the funding of Scattered Lapsus$ Hunters to these particularly abhorrent crimes, researchers at Flashpoint contend that the boundary separating The Com's splinter groups (frequently composed of English-speaking adolescents) from violent criminal behavior is exceedingly vague, in some instances entirely absent. This dynamic is radicalizing younger individuals, drawing them into a harrowing existence characterized by suffering and despair.
Indeed, Scattered Lapsus$ Hunters have played a critical role in some of the most significant and financially damaging cyberattacks against the U.S. economy recently. Their ability to effectively target cloud services and SaaS platforms utilized by organizations across the Western world, including Okta, Salesforce, and Microsoft 365, distinguishes them in the cybercriminal landscape. However, the repercussions of their actions extend beyond the immediate harm inflicted on victims, representing a broader societal cost, as argued by Flashpoint.
What Is The Com Criminal Collective?
The Com embodies a diverse ecosystem comprising neo-Nazis, pedophiles, neo-Nazi pedophiles, select high-ranking government officials, and their vulnerable or trafficked victims.
While distributed globally, a significant portion of The Com’s members reside in North America. As noted above, these individuals tend to be relatively young, a consequence of the collective's targeted recruiting strategies. The Com often draws potential recruits from gaming communities and social media platforms, employing grooming, solicitation, and sextortion tactics to exploit children, some of whom transition from victims to active members.
From a broader perspective, The Com can be categorized into three primary subsets. The "IRL Com" is responsible for physical crimes such as muggings and arson. The "Extortion Com" serves as a recruitment hub, leveraging indoctrination and sextortion to coerce children into producing pornography, engaging in violence, or creating violent content. "Hacker Com" is the segment tasked with breaching well-known corporations and executing a variety of other cybercrimes, including SIM swaps, distributed denial-of-service (DDoS) attacks, and ransomware incidents.
How The Com Supports Violence & Sex Crimes
Importantly, the IRL, Extortion, and Hacker subsets are not isolated from one another.
"The overlaps are significant, and the compartmentalization pursued by governments has resulted in confusion and insufficient prosecution of associated crimes," explains Allison Nixon, CEO of Unit 221B, who has been investigating The Com for 15 years. "I appreciate the reasoning behind this subdivision by authorities; however, it is vital for the public to understand that any hacker affiliated with The Com has a disproportionately high likelihood of possessing or compelling the creation of CSAM [child sexual abuse material], and members involved in sextortion within The Com are also more likely to engage in fraudulent activities as a source of income."
The hackers associated with The Com frequently engage in other criminal activities pursued by their peers. According to the FBI's Internet Crime Complaint Center, it is common for members to "participate in criminal activities across multiple subsets while maintaining relationships with individuals in various segments simultaneously to leverage their skills." Typically, individuals within these subgroups share common interests, ideologies, or goals, facilitating collaborative efforts.
Without delving into graphic specifics, Nixon provides an illustration: "Some of the earliest innovators of 764"—an associated network of neo-Nazi sextortionists—"have transitioned into extorting companies following their release from incarceration. This exemplifies why such individuals are often recidivists. The proceeds from their illicit activities are reinvested in the criminal enterprise, enabling funding for infrastructure developments and financial support for orchestrating physical attacks against rivals."
What's Happening in The Com Today?
Presently, The Com's significant hacking activities have experienced a lull, according to Darren Williams, founder and CEO of BlackFog. For instance, Scattered Spider has remained silent following its historically impactful attack on Jaguar Land Rover. Nevertheless, to assume they are inactive would be a misconception.
"Individuals within these groups frequently work for multiple organizations simultaneously, adapting their affiliations based on which ones are performing most successfully at any given time. This behavior is not unusual," Williams states. Hackers belonging to these collectives may be strategizing their next major initiative or exploiting targets under different organizational banners.
Throughout The Com, Nixon observes no reduction in criminal activity; instead, she notes a continual evolution of tactics and techniques that emerge "constantly."
"One particularly alarming trend that I predict will have significant ramifications is their capacity to systematically pinpoint and mobilize physical assets to specific locations," she notes. "They can choose to instruct a member to assault someone's residence, attempt a break-in, or connect to designated Wi-Fi networks, identifying an individual within their criminal networks who is both willing and capable of executing these tasks."