'The Com' Cyberattacks Support Violence & Sexploitation
Dark ReadingArchived May 29, 2026✓ Full text saved
Your organization's security failures have consequences for everyone else too, since this neo-Nazi-infested criminal gang uses its cyber winnings to support more violent and widespread crimes.
Full text archived locally
✦ AI Summary· Claude Sonnet
THREAT INTELLIGENCE
СLOUD SECURITY
CYBER RISK
CYBERATTACKS & DATA BREACHES
NEWS
'The Com' Cyberattacks Support Violence & Sexploitation
Your organization's security failures have consequences for everyone else too, since this neo-Nazi-infested criminal gang uses its cyber winnings to support more violent and widespread crimes.
Nate Nelson,Contributing Writer
May 29, 2026
5 Min Read
SOURCE: JOHN WILLIAMS RF VIA ALAMY STOCK PHOTO
Organizations that don't secure their cloud environments and software-as-a-service (SaaS) platforms are inadvertently funding violent crime and the exploitation of minors.
An analysis this week from Flashpoint of the disturbing cybercriminal group known as The Com confirms that as major Russian groups have splintered and withered away in recent years, the new class of predominantly North American cybercriminal groups that has emerged all trace back in one way or another to the same source. Sometimes these threat groups go by different names: ShinyHunters, Lapsus$, or Scattered Spider. As previously reported, sometimes they combine into a single, inelegant unit — "Scattered Lapsus$ Hunters" — betraying that they in fact come from the same place. Regardless, these overlaps also suggest an increasingly disturbing reality. The Com's own hacker wing, "Hacker Com," supports its other, more disgusting projects: generating and trafficking child pornography, murder, and a laundry list of other hobbies for sociopaths. And though investigators generally stop short of tracing Scattered Lapsus$ Hunters funds to those specific other crimes, Flashpoint researchers argue that the line between The Com's splinter groups (which are often made up of English-speaking teenagers) and its violent crimes is blurry and in some cases nonexistent. And that, in turn, is radicalizing the young people involved and dragging them into a horrific world of pain and misery.
Related:AI-Assisted Exploit Development Outpaces Scanner Detection
So sure, Scattered Lapsus$ Hunters has been responsible for some of the most significant, costly cyberattacks across the US economy lately. They've separated from the pack by effectively targeting the cloud and SaaS platforms organizations across the Western world rely on most, like Okta, Salesforce, and Microsoft365. But beyond the consequences for victims, their crimes should be seen as a cost to society, Flashpoint argued.
What Is The Com Criminal Collective?
The Com is a diffuse ecosystem of neo-Nazis, pedophiles, neo-Nazi pedophiles, the odd high-ranking government employee, and their entrapped or trafficked victims.
Though spread across the world, the majority of members live in North America. As mentioned, they skew young, in part as a consequence of its recruiting strategy. The Com often recruits from gaming communities and social media, and it does a lot of grooming, soliciting, and sextorting of children, some of whom it converts from victims to members.
In the big picture, The Com can be thought of in three subsets. There's the "IRL Com," responsible for physical attacks like muggings and arson. "Extortion Com" is where new members are recruited, using indoctrination and sextortion to manipulate children into creating pornography, gore, or acting violently. Hacker Com is the arm responsible for breaching brand-name corporations, but also carrying out all kinds of other cybercrimes: SIM swaps, distributed denial-of-service (DDoS) attacks, and ransomware, among others.
Related:State Cyber Leaders Push Congress for More Funding, Support
How The Com Supports Violence & Sex Crimes
Crucially, IRL, Extortion, and Hacker are not siloed from one another.
"The overlap is significant, and the way governments have subdivided them has caused a lot of confusion and under-prosecution of crimes," explains Unit 221B CEO Allison Nixon, who's been pursuing The Com for 15 years. "I understand why governments do this, but the general public should understand that any given hacker in The Com has a much higher than average probability of possessing or forcing the creation of CSAM [child sexual abuse material], and sextorters in The Com have a much higher than average probability of engaging in fraud for their income."
The Com's hackers have also been known to cross over and take part in the other sorts of crimes their fellow members specialize in. According to the FBI's Internet Crime Complaint Center, members "often participate in criminal activity encompassed in more than one subset and maintain relationships with members in multiple subsets simultaneously, in case their skills are beneficial. The members within these subgroups typically have a shared interest, ideology, or goal and work together."
Related:Chinese APTs Share Linux Backdoor in Central Asia Telco Attacks
Without getting into the gory details, Nixon gives an example of how "Some of the earliest innovators of 764" — an associated network of neo-Nazi sextortionists — "have gone on to extort companies after they got out of jail. This is why they need to stay in. The proceeds of their crimes are reinvested back into the criminal enterprise, which is how they can pay for infrastructure and pay to send people to physically attack rivals."
What's Happening in The Com Today?
The Com's major hacking activity has lulled in recent weeks, according to BlackFog founder and CEO Darren Williams. Scattered Spider, for example, has been mum ever since its historically costly attack on Jaguar Land Rover. But it would be a mistake to believe they're dormant.
"These individuals work for multiple [groups] at the same time. So they will chop and change based on which ones are most successful at the time. So this is not very unusual," Williams says. Hackers belonging to these groups may well be preparing for their next major campaign, or actively exploiting targets under different banners.
Across the whole of The Com, Nixon is seeing just as much criminal activity as ever, with new tactics and techniques arising "always."
"The most compelling trend that I think will have major consequences is the ability for these guys to systematically locate and deploy physical assets to locations," she says. "To decide they want to send a kid to assault someone's home, or break in, or connect to a specific Wi-Fi network, and locate a kid in their criminal social networks that is both willing and able to do this."
About the Author
Nate Nelson
Contributing Writer
Nate Nelson is a journalist and award-winning scriptwriter. In addition to Dark Reading he writes for Darknet Diaries, the most popular show in cybersecurity across all media.
He began his career as a freelancer, ghostwriting Forbes and CNBC op-eds for executives in tech and finance. Then he transitioned to journalism at Threatpost, where he covered cybersecurity news and trends. Throughout those years he co-created a cybersecurity podcast, Malicious Life, which in its day climbed into the Top 20 technology podcasts charts on Apple Podcasts and Spotify.
He holds degrees from New York University and Bard College. As a born and bred New Yorker, he enjoys a superiority complex, but is polite enough to keep it to himself.
Want more Dark Reading stories in your Google search results?
ADD US NOW
More Insights
Industry Reports
How Organizations Are Managing Incident Response
How Enterprises Are Developing Secure Applications
Inside RSAC 2026: security leaders reveal the risks redefining your defense strategy
Essential News & Insights from Black Hat USA 2025
How Enterprises Are Harnessing Emerging Technologies in Cybersecurity
Access More Research
Webinars
The Frontier AI Era: Why Cybersecurity Must Move at Machine Speed
Build vs. Buy: The Hidden Cost of Building Your Own AI Security Stack
Defending in the Shadow Era: When the CVE Feed Goes Dark
Building SecOps That Make the Most of Every Dollar
AI-Powered Credential Security: Intelligence Without Exposure
More Webinars
You May Also Like
THREAT INTELLIGENCE
Hackers Target Cybersecurity Firm Outpost24 in 7-Stage Phish
by Jai Vijayan
MAR 17, 2026
THREAT INTELLIGENCE
Iran's Cyber-Kinetic War Doctrine Takes Shape
by Alexander Culafi
MAR 06, 2026
THREAT INTELLIGENCE
React2Shell Exploits Flood the Internet as Attacks Continue
by Rob Wright
DEC 12, 2025
THREAT INTELLIGENCE
Chinese Gov't Fronts Trick the West to Obtain Cyber Tech
by Nate Nelson, Contributing Writer
OCT 06, 2025
Editor's Choice
CYBERSECURITY OPERATIONS
20 Leaders Who Built the CISO Era: 2 Decades of Change
byDark Reading Editorial Team
MAY 12, 2026
41 MIN READ
APPLICATION SECURITY
It's Patch Tuesday for Microsoft & Not a Zero-Day In Sight
byJai Vijayan
MAY 12, 2026
5 MIN READ
CYBERATTACKS & DATA BREACHES
Instructure Breach Exposes Schools' Vendor Dependence
byAlexander Culafi
MAY 6, 2026
4 MIN READ
Want more Dark Reading stories in your Google search results?
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
SUBSCRIBE
Webinars
The Frontier AI Era: Why Cybersecurity Must Move at Machine Speed
TUESDAY, JUNE 23, 2026 1:00 PM EDT
Build vs. Buy: The Hidden Cost of Building Your Own AI Security Stack
THURS, JUNE 25, 2026, AT 1PM EST
Defending in the Shadow Era: When the CVE Feed Goes Dark
TUES, JUNE 16, 2026 AT 1PM EST
Building SecOps That Make the Most of Every Dollar
THURS, JULY 9, 2026 AT 1PM EST
AI-Powered Credential Security: Intelligence Without Exposure
WED, JUNE 17, 2026, AT 1PM EST
More Webinars
BLACK HAT USA | MANDALAY BAY, LAS VEGAS
The premier cybersecurity event of the year returns to Mandalay Bay with a re‑engineered, six‑day program built to ignite innovation, push boundaries, and bring the global security community together like never before. Use code: DARKREADING to save $200 on a Briefings pass or $100 on a Business pass.
GET YOUR PASS