Back

The Com: Cybercrime Ecosystem Fuels Violence and Exploitation

Severity: High (Score: 67.2)

Sources: Darkreading, Flashpoint

Published: 2026-05-29 · Updated: 2026-05-29

Keywords: support, violence, hybrid, cyberattacks, sexploitation, understanding, illicit

Severity indicators: rat, cyberattack

Summary

The Com, a decentralized criminal ecosystem, has emerged as a significant threat, combining cybercrime, exploitation of minors, and real-world violence. This group primarily targets cloud and SaaS platforms, with notable attacks on major corporations like Okta and Salesforce. Flashpoint's analysis reveals that cybercrime acts as venture capital for domestic terrorism, radicalizing youth and converting them from victims to perpetrators. The Com's hacker wing, known as Hacker Com, is responsible for high-profile breaches and financial fraud, while other factions engage in extortion and physical violence. The group is predominantly composed of young members from North America, often recruited from gaming and social media. The blurred lines between its various factions complicate efforts to combat their activities, which have severe societal implications. The Com's activities are not only financially damaging but also contribute to a broader culture of violence and exploitation. Key Points: • The Com operates as a hybrid ecosystem of cybercrime and real-world violence. • Hacker Com targets major corporations, funding a pipeline of domestic terrorism. • The group's recruitment strategy focuses on young individuals from gaming communities.

Detailed Analysis

**Impact** The Com targets major corporations across the US, UK, and Canada, focusing on cloud and SaaS platforms such as Okta, Salesforce, and Microsoft365. The ecosystem involves thousands of members, predominantly young English-speaking individuals, and causes significant financial losses through cyberattacks, fraud, and ransomware. Beyond economic damage, The Com funds violent crimes including murder, arson, and child exploitation, creating a victim-to-perpetrator recruitment pipeline that radicalizes adolescents and fuels domestic terrorism. **Technical Details** The Com’s Hacker Com faction employs social engineering tactics like vishing, impersonating corporate IT staff to reset passwords and bypass MFA. They exploit human vulnerabilities and trusted vendor relationships, as seen in the Okta breach. Notable crews include Scattered Spider, LAPSUS$, ShinyHunters, and DragonForce. The group conducts SIM swaps, DDoS attacks, ransomware, and financial fraud. Specific CVEs or malware names were not detailed in the provided sources. **Recommended Response** Organizations should prioritize securing cloud and SaaS environments by enforcing strict MFA policies and training helpdesk personnel to recognize social engineering attempts. Monitoring for unusual password resets, MFA re-enrollments, and vendor access anomalies is critical. Blocking known IOCs related to Scattered Spider and LAPSUS$ should be implemented where available. No specific patches or malware signatures were provided; defenders must maintain vigilance on human-targeted attack vectors and interdepartmental coordination.

Source articles (2)

  • Understanding Illicit Ecosystems: The Hybrid Threat of "The Com" — Flashpoint · 2026-05-26
    In this post, we dive into the decentralized architecture of “The Com,” exposing its hybrid ecosystem of hacking, extortion, and real-life violence—and how it fuels a ruthless pipeline of cyber-fraud…
  • 'The Com' Cyberattacks Support Violence & Sexploitation — Darkreading · 2026-05-29
    Your organization's security failures have consequences for everyone else too, since this neo-Nazi-infested criminal gang uses its cyber winnings to support more violent and widespread crimes. Organiz…

Timeline

  • 2026-05-26 — Flashpoint analysis published: Flashpoint detailed The Com's hybrid ecosystem, linking cybercrime to domestic terrorism and youth radicalization.
  • 2026-05-29 — Darkreading article published: Darkreading reported on The Com's activities, emphasizing the societal costs of their cyberattacks and exploitation.

Related entities

  • Scattered Lapsus$ Hunters (Apt Group)
  • Scattered Spider (Apt Group)
  • ShinyHunters (Apt Group)
  • The Com (Ransomware Group)
  • DDoS (Attack Type)
  • Ransomware (Attack Type)
  • Jaguar Land Rover (Company)
  • Okta (Company)
  • Roblox (Company)
  • Salesforce (Company)
  • Canada (Country)
  • United Kingdom (Country)
  • United States (Country)
  • spider.as (Domain)
  • T1021 - Remote Services (Mitre Attack)
  • T1486 - Data Encrypted for Impact (Mitre Attack)
  • T1499 - Endpoint Denial of Service (Mitre Attack)
  • Microsoft365 (Platform)
  • Minecraft (Platform)
  • AnyDesk (Tool)
  • Ngrok (Tool)
  • Teleport (Tool)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed