The Com

"The Com" is a threat actor or cybercriminal community that has been involved in numerous high-profile cyberattacks, including recent attacks on Las Vegas resorts that severely impacted several prominent hotels and casinos. The community is largely composed of young hackers who are inducted into a life of crime through toxic online interactions, akin to radicalization processes seen in other dangerous online communities. These individuals participate in various illicit activities, from sextortion schemes and fraud to blackmail, often boasting about their exploits on the platform. They also collaborate with global ransomware syndicates to conduct high-profile intrusions. The Com's modus operandi includes the use of social engineering tactics such as phone, email, or SMS scams to gain access to corporate networks. Once access is gained, they deploy a final payload Trojan named ClassFile.ocx as part of their attack flow. This Trojan allows the malware to run a cmd shell and exfiltrate the output via DNS A records, providing the attackers with control over the infected systems. Notably, the Com's attacks extend far beyond the Las Vegas resorts, indicating a broad and persistent threat landscape. Researchers at SentinelOne's annual LABScon cyber threat intelligence conference have highlighted the need for lawmakers and the cybersecurity community to intensify their efforts against the Com's cybercrime ecosystem. They argue that attributing all attacks to a single group within the Com, such as Scattered Spider, is inaccurate and overlooks the various factions operating within this community. For instance, while Scattered Spider claimed responsibility for the MGM hack, it denied involvement in the Caesars attack, suggesting the presence of another subgroup, possibly Star Fraud. The Com's diverse and decentralized structure, coupled with its recruitment of young hackers, poses a significant challenge to law enforcement agencies and cybersecurity professionals.