Full Report
Unit 221B’s Allison Nixon said crackdowns have effectively shown the group that their actions carry real consequences. The post "Internet infamy drives The Com’s crime sprees" appeared first on CyberScoop.
Analysis Summary
# Threat Actor: The Com
## Attribution & Identity
* **Identification:** A chaotic, sprawling, borderless, grassroots movement, described as a "bottom-up social phenomenon."
* **Composition:** Composed primarily of teenagers and young adults.
* **Known Aliases/Associated Groups:** Affiliated with the child sextortion group **764**, whose leaders have recently been arrested.
* **Key Distinction:** Does not fit the traditional cybercrime categories (primarily financially motivated or state-sponsored). It operates more like an internet street gang.
## Activity Summary
* The Com originated with financially motivated criminal activity, which escalated around 2018 after the surge in Bitcoin value transformed the underground scene.
* Since 2021, activity has pivoted towards violence and sextortion, often overlapping with high-dollar fraud.
* Recent activities include social engineering, crypto theft, phishing, SIM swapping, extortion, sextortion, swatting (e.g., incidents tracked in Henrico County, Virginia, linked to a 14-year-old in England), kidnapping, and murder.
* Some recent chaotic activity is being investigated by law enforcement as terrorism-related vigilante actions.
* The most dangerous members are idolized based on the harm and depravity of their behavior.
## Tactics, Techniques & Procedures
* Social engineering
* Crypto theft
* Phishing
* SIM swapping
* Extortion and sextortion (including child sexual abuse material distribution)
* Swatting
* Kidnapping
* Murder
* Self-described vigilante actions (treated as terrorism by law enforcement)
* **Cultural TTP:** Criminality is driven by the pursuit of notoriety among peers and by the perception that crime is an easier source of money than traditional employment.
## Targeting
* **Sectors:** No specific sectors are listed, but the range of crimes suggests targeting of digital accounts, individuals (for extortion), and general public safety (via swatting).
* **Geography:** Activities are widespread across the United States, with incidents reported in every state and investigated by every FBI field office. International elements exist (e.g., arrests linked to a UK-based individual).
* **Victims:** Individuals targeted for sextortion, fraud, and general harassment/violence.
## Tools & Infrastructure
* **Malware Families Used:** Not specified in detail; the report implies the use of tools related to fraud, SIM swapping, and general hacking techniques popularized post-2018.
* **Infrastructure (C2, domains, IPs):** Activity is primarily hosted on "websites that are independently owned and operated by criminals." Content often surfaces on commercial social media platforms.
## Implications
* The Com represents a significant shift in the hacking underground, moving from esoteric hacking techniques to a violent, socially motivated criminal enterprise driven by young participants seeking belonging and quick financial gain.
* Law enforcement is actively cracking down, employing effective, fast responses to violent incidents, which seems to have a deterrent effect on the groups involved.
* The underlying cause is framed as a social phenomenon stemming from economic disillusionment among youth regarding traditional career paths.
## Mitigations
* Continued and swift legal consequences are effective in deterring current active members.
* Addressing the root social and economic factors influencing youth participation (e.g., improving career path perception for young adults/teenagers).
* Monitoring and addressing content spillover from hidden criminal forums onto commercial social media platforms.