"The Com" is a significant threat actor in the cybersecurity landscape, with its roots traced back to late 2022. The group, known for its malicious activities, emerged as an offshoot of the cybercrime community "The Community," or "Comm." Largely composed of Americans and Brits, the group also goes by the name "Star Fraud." It has been linked to various high-profile attacks, including those on Las Vegas resorts, and extends beyond that ecosystem. Notably, the group operates within a larger cybercriminal network known as “The Com,” where members boast about their exploits and engage in social engineering tactics such as phone, email, or SMS scams to infiltrate corporate networks.
In the reported attack flow, The Com's final payload Trojan is a component named ClassFile.ocx. This mode calls the same functions as the default case in the HTTP and HTTPS modes, allowing the malware to run a cmd shell while exfiltrating the shell's output via DNS A records. The group has also been associated with SIM-swapping attacks, in which the fraudsters phish or purchase credentials of mobile phone company employees and use them to redirect a target's calls and text messages to a device under their control.
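Exfiltration over DNS A records, as described above, leaves a recognisable trace in resolver logs: a single client issues many A lookups under one domain, each with a long, never-repeated, high-entropy leftmost label. The following detection logic is an added example written for this page, not code from the original description or from any analysis of ClassFile.ocx. It assumes the encoded output rides in the queried name of A lookups (the page only says "via DNS A records"), and it runs over a constructed four-field log (`timestamp client qtype qname`); the hex labels and the domains `exfil-placeholder.test` and `cdn-placeholder.test` are constructed placeholders, not real indicators.

```python
import math
from collections import defaultdict

# Constructed sample resolver log, one query per line: "<timestamp> <client> <qtype> <qname>".
# The hex labels under exfil-placeholder.test are constructed to mimic command output
# carried in A-record lookups; both .test domains are placeholders, not real indicators.
SAMPLE_LOG = """\
2024-10-08T18:00:01Z 10.0.0.5 A www.example.com
2024-10-08T18:00:02Z 10.0.0.5 A mail.example.com
2024-10-08T18:00:03Z 10.0.0.5 A a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6.cdn-placeholder.test
2024-10-08T18:00:04Z 10.0.0.7 A 566f6c756d6520696e206472697665.exfil-placeholder.test
2024-10-08T18:00:04Z 10.0.0.7 A 204320686173206e6f206c6162656c.exfil-placeholder.test
2024-10-08T18:00:05Z 10.0.0.7 A 2e0d0a204469726563746f7279206f.exfil-placeholder.test
2024-10-08T18:00:06Z 10.0.0.7 A www.example.com
"""


def shannon_entropy(s: str) -> float:
    """Bits per character of s (0.0 for an empty or single-symbol string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_log(text):
    """Yield (timestamp, client, qtype, qname) for each well-formed log line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than failing the whole run
        ts, client, qtype, qname = parts
        yield ts, client, qtype, qname.rstrip(".").lower()


def split_name(qname):
    """Return (prefix, base_domain). Simplification: the base domain is the last two labels."""
    labels = qname.split(".")
    if len(labels) <= 2:
        return "", qname
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def find_dns_exfil(log_text, min_unique=3, min_prefix_len=16, min_entropy=2.5):
    """Group A queries per (client, base domain) and flag groups whose prefixes look like encoded data.

    A group is flagged only when all three hold: enough distinct prefixes (encoded data
    rarely repeats), long prefixes, and high mean entropy. Each condition alone would
    match benign traffic (e.g. a single long CDN hostname or short names like "www").
    """
    groups = defaultdict(lambda: {"prefixes": set(), "lengths": [], "entropies": []})
    for _, client, qtype, qname in parse_log(log_text):
        if qtype != "A":
            continue
        prefix, base = split_name(qname)
        if not prefix:
            continue
        g = groups[(client, base)]
        g["prefixes"].add(prefix)
        g["lengths"].append(len(prefix))
        g["entropies"].append(shannon_entropy(prefix))

    results = {}
    for key, g in groups.items():
        n = len(g["lengths"])
        mean_len = sum(g["lengths"]) / n
        mean_ent = sum(g["entropies"]) / n
        results[key] = {
            "queries": n,
            "unique_prefixes": len(g["prefixes"]),
            "mean_prefix_len": round(mean_len, 1),
            "mean_entropy": round(mean_ent, 2),
            "flagged": (len(g["prefixes"]) >= min_unique
                        and mean_len >= min_prefix_len
                        and mean_ent >= min_entropy),
        }
    return results


def flagged_pairs(log_text, **thresholds):
    """Sorted list of (client, base_domain) pairs that trip the detection."""
    return sorted(k for k, v in find_dns_exfil(log_text, **thresholds).items() if v["flagged"])


if __name__ == "__main__":
    for key, stats in find_dns_exfil(SAMPLE_LOG).items():
        print(key, stats)
```

On the constructed log only the `10.0.0.7` / `exfil-placeholder.test` group is flagged; the single long CDN-style label and the short `www`/`mail` names stay below the thresholds. The two-label base-domain split is a simplification for the example; in production use a public-suffix list, and tune `min_unique` per the volume of the resolver being monitored.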
Recent actions by the Department of Justice (DOJ) suggest the government is aware of the significant overlap between leading members of The Com and harm communities. As much as they extort victim companies for financial gain, The Com members continually try to wrest stolen money from their cybercriminal rivals, which often results in real-world physical violence. Despite these activities, the group argues against being policed for harmful content on its platforms, citing Section 230 of Title 47 of the United States Code, enacted as part of the Communications Decency Act of 1996, which exempts internet platforms from certain types of liability.
Description last updated: 2024-10-08T18:17:07.141Z