
Notable subsets
Hacker Com focuses on technical crime: ransomware, phishing, SIM swapping, IP theft, malware development, and account compromise.
IRL Com enables physical violence-for-hire, extortion, and coercion linked to online disputes.
Extortion Com targets vulnerable individuals, particularly minors, using doxxing, blackmail, and CSAM coercion.
Tie to Scattered Spider and RaaS Ecosystems
Security analysts have identified Scattered Spider (a.k.a. UNC3944 / Octo Tempest / 0ktapus) as an operational evolution of the Hacker Com faction, with shared TTPs and infrastructure dating back to notable breaches at companies like HubSpot, Twilio, Cloudflare, Riot Games, Coinbase, Reddit, and MGM.
Scattered Spider has expanded into ransomware deployment, often as an affiliate deploying ALPHV/BlackCat-based payloads. The group’s criminal infrastructure includes access brokering, social engineering, and targeted phishing designed to facilitate human-operated ransomware attacks.
Evolving Threat Profile
Tactics, Techniques & Procedures
Initial Access & Credential Access
- Spear-phishing, social-engineered password resets of helpdesk/admin accounts.
- SIM-swapping and VoIP techniques enable account takeover and lateral privilege gain.
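One way to turn the helpdesk-reset pattern above into a detection, as an added example that is not BlackFog's code: it correlates a password reset performed by another account with a new MFA factor enrolled on the same account shortly afterwards. The event field names, account names and 30-minute window are assumptions, and the audit events are constructed.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)   # assumed correlation window
PRIVILEGED = {"it-admin"}        # hypothetical privileged accounts

# Constructed identity-provider audit events; field names are hypothetical.
EVENTS = [
    {"ts": "2025-01-10T09:00:00", "actor": "helpdesk1", "target": "alice", "action": "password_reset"},
    {"ts": "2025-01-10T09:45:00", "actor": "alice", "target": "alice", "action": "mfa_enroll"},
    {"ts": "2025-01-10T11:00:00", "actor": "helpdesk2", "target": "it-admin", "action": "password_reset"},
    {"ts": "2025-01-10T11:04:00", "actor": "it-admin", "target": "it-admin", "action": "mfa_enroll"},
    {"ts": "2025-01-10T12:00:00", "actor": "bob", "target": "bob", "action": "password_reset"},
    {"ts": "2025-01-10T12:02:00", "actor": "bob", "target": "bob", "action": "mfa_enroll"},
]


def find_reset_then_enroll(events, window=WINDOW):
    """Flag a reset done by another account that is followed, within
    `window`, by a new MFA factor on the same account."""
    alerts = []
    pending = {}  # target account -> (reset time, who performed the reset)
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        target = ev["target"]
        if ev["action"] == "password_reset" and ev["actor"] != target:
            # Reset performed on someone's behalf (helpdesk path): start the clock.
            pending[target] = (ts, ev["actor"])
        elif ev["action"] == "mfa_enroll" and target in pending:
            reset_ts, reset_by = pending.pop(target)
            if ts - reset_ts <= window:
                alerts.append({
                    "account": target,
                    "reset_by": reset_by,
                    "gap_minutes": int((ts - reset_ts).total_seconds() // 60),
                    "severity": "high" if target in PRIVILEGED else "medium",
                })
    return alerts


if __name__ == "__main__":
    for alert in find_reset_then_enroll(EVENTS):
        print(alert)
```

Self-service resets (bob) are ignored because the actor and target match; widening the window trades fewer misses for more alerts on legitimate re-enrollment.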
Modular, Burnable Toolkits
- Direct deployment of customized malware drop loaders and “burner” payloads built to evade behavioural and signature-based EDR detection.
Access Brokering Economy
- Initial access sold within cells or to ransomware affiliates and state-linked actors.
- Ecosystem model: multiple adversaries buy into the same network intrusion for different monetization objectives.
Ransomware & Double Extortion Deployments
- Scattered Spider affiliates deploy BlackCat/ALPHV payloads and other malware variants.
- Data theft precedes encryption, maximizing pressure through reputational and regulatory risk.
Real-World Violence as Leverage
- IRL Com subsets coordinate threats, kidnapping, or extortion to coerce victims or brag within the network.
How BlackFog Counters The Com Ecosystem
Real-Time Threat Prevention for Dynamic Cybercrime Cells
| Threat Vector | Observed Tactics | BlackFog Countermeasure |
| --- | --- | --- |
| Initial Access | Phishing; SIM/xSIM fraud; helpdesk compromise | Behavioral AI; SaaS gateway monitoring; anomaly detection |
| Credential Abuse | VoIP spoofing; SIM swap; insider mediation | Account monitoring; MFA enforcement; SIM/fraud alerts |
| Modular & Burn Malware | One-time loaders; burner malware | Zero-trust process isolation; digital signatures enforced |
| Access Brokering Activity | Compromised network resale; multi-affiliate intrusions | Network segmentation; lateral access alerting; isolation |
| Ransomware Deployment | BlackCat/ALPHV affiliates; double extortion | Anti data exfiltration (ADX); execution disruption policies |
| Real-World Coercion | Violent extortion or physical threats linked to online disputes | Incident escalation alerts; collaboration with law enforcement |
Why BlackFog?
In a cyber landscape increasingly shaped by human-operated threats, organizations need more than reactive alerts; they need 24/7 real-time prevention. BlackFog delivers exactly that.
With its unique anti data exfiltration (ADX) technology, AI-based behavioral threat detection, and dynamic blocking capabilities, BlackFog helps organizations prevent breaches by ensuring unauthorized data never leaves the network.
For organizations with lean internal teams, BlackFog’s vCISO services provide expert leadership, streamlined incident response, and compliance-ready reporting, all tailored to the demands of their specific industry.
Ready to Learn More?
Visit blackfog.com or contact us at sa***@******og.com






