The Com

Threat Actor Profile Updated 19 hours ago
"The Com" is a threat actor or cybercriminal community that has been involved in numerous high-profile cyberattacks, including recent attacks on Las Vegas resorts that severely impacted several prominent hotels and casinos. The community is largely composed of young hackers who are inducted into a life of crime through toxic online interactions, akin to radicalization processes seen in other dangerous online communities. These individuals participate in various illicit activities, from sextortion schemes and fraud to blackmail, often boasting about their exploits on the platform. They also collaborate with global ransomware syndicates to conduct high-profile intrusions.

The Com's modus operandi includes social engineering tactics such as phone, email, or SMS scams to gain access to corporate networks. Once access is gained, they deploy a Trojan named ClassFile.ocx as the final payload of their attack flow. This Trojan runs a cmd shell and exfiltrates the output via DNS A records, giving the attackers control over the infected systems. Notably, the Com's attacks extend far beyond the Las Vegas resorts, indicating a broad and persistent threat landscape.

Researchers at SentinelOne's annual LABScon cyber threat intelligence conference have highlighted the need for lawmakers and the cybersecurity community to intensify their efforts against the Com's cybercrime ecosystem. They argue that attributing all attacks to a single group within the Com, such as Scattered Spider, is inaccurate and overlooks the various factions operating within this community. For instance, while Scattered Spider claimed responsibility for the MGM hack, it denied involvement in the Caesars attack, suggesting the presence of another subgroup, possibly Star Fraud. The Com's diverse and decentralized structure, coupled with its recruitment of young hackers, poses a significant challenge to law enforcement agencies and cybersecurity professionals.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Scattered Spider | 2 | Scattered Spider is a prominent threat actor group involved in cybercrime activities with malicious intent. The group employs various tactics to compromise its targets, including phishing for login credentials, searching SharePoint repositories for sensitive information, and exploiting infrastructur |
| Star Fraud | 1 | Star Fraud, a threat actor subgroup within the larger entity known as the Com, has recently been implicated in significant cyber-attacks on two major entertainment corporations, Caesars Entertainment and MGM Resorts International. These attacks were high-profile extortion attempts that underscored t |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Fraud
Cyberscoop
Cybercrime
Extortion
Malware
Ransomware
Exploits
Scams
Telegram
Associated Malware
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Lockbit | Unspecified | 1 | LockBit is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It can enter your system through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt |
Associated Threat Actors
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Alphv | Unspecified | 1 | AlphV, also known as BlackCat, is a notable threat actor in the cybersecurity landscape. This group has been involved in numerous high-profile attacks, including stealing 5TB of data from Morrison Community Hospital and compromising Clarion, a global manufacturer of audio and video equipment for car |
| Lapsus | Unspecified | 1 | Lapsus is a significant threat actor that has been active since its inception in early 2022. The group gained notoriety for its cyberattacks, including a high-profile breach of Nvidia, an American multinational technology company, in the same year. This attack led to the leak of thousands of passwor |
Associated Vulnerabilities
No associations to display
Source Document References
Information about The Com threat actor was read from the documents corpus below. This display is limited to 20 results.
| Source | Created At | Title |
| --- | --- | --- |
| Securityaffairs | 19 hours ago | UK police arrested a 17-year-old linked to Scattered Spider gang |
| Securityaffairs | a month ago | Spanish police arrested an alleged member of the Scattered Spider group |
| CERT-EU | 4 months ago | Billionaire Frank McCourt says the surgeon general is only half right about the social-media mental health crisis. It’s a crisis of personhood, not privacy |
| CERT-EU | 8 months ago | The New APT Group DarkCasino and the Global Surge in WinRAR 0-Day Exploits |
| CERT-EU | 10 months ago | Smells like teen hackers - POLITICO \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting |
| CERT-EU | 10 months ago | Major cyber breaches orchestrated by youth hackers |
| MITRE | a year ago | How WellMess malware has been used to target COVID-19 vaccines |
| CERT-EU | 10 months ago | Youth hacking ring at the center of cybercrime spree |
| CERT-EU | 10 months ago | What we know about BlackCat and the MGM hack |
| CERT-EU | 8 months ago | Ransomware groups rack up victims among corporate America |