The hackers, who are primarily teenagers and young adults are not only executing malicious attacks but also bragging about their operations in a language filled with racist and misogynistic slurs.
The cybersecurity researchers, who have been studying and monitoring the Com activities have urged policymakers and the cybersecurity community to confront the issue more seriously and take strong actions against the youth-led cybercrime group. While, in comparison to cybercriminal networks, state-backed hackers build a more high-profile case, recent instances of breaches led by new-generation hackers shall not be underestimated.
One of the instances being the high-profile breach that recently shook the operations of Las Vegas resorts, including Caesars Entertainment and MGM Resorts is believed to be the doing of threat actors called “Star Fraud,” one of the subgroups of the Com. These assaults show how dangerous and serious the larger Com ecosystem is.
The Caesars and MGM attacks were attributed to ALPHV, a Russian-based ransomware-as-a-service organization related to other attacks. The moniker "Scattered Spider," which has been linked to the attacks, is inaccurate, according to the researchers at the LABScon conference, as it combines a number of competing organizations from the Com ecosystem. Despite having similar strategies, these groups are different and might even face off against one another.
However, this does not stop here. In the past two years, some members of the threat group behind cyberattacks in corporate giants like Nvidia, Samsung, and Microsoft – Lapsus$ – are believed to have originated from the Com ecosystem.
This incident further highlighted the reach of cybercrime on young minds. In August 2023, a Cyber Safety Review Board report on Lapsus$ suggested an investigation to Congress to explore funding programs in order to prevent juvenile cybercrime.
In regards to the issue, the FBI has also conducted an investigation on the individuals linked with the Com for alleged cybercrime activities.
The Com has been connected to a number of illegal activities, including swatting, SIM swapping, bitcoin theft, and even real-world assault. These young cybercriminals are skilled at social engineering, taking advantage of their fluency in English to trick IT support desks and steal crucial company credentials.
The researchers also caution that these young hackers are now working together with international ransomware syndicates, which have a history of extorting millions of dollars globally. The question of how harmful online communities can radicalize children is comparable to how Com plays a role in luring young hackers into a life of cybercrime. The researchers contend that the radicalization these hackers experience is focused on cybercrime and evolving into their worst selves.