Dark Reading

'The Com' Cyberattacks Support Violence & Sexploitation

Your organization's security failures have consequences for everyone else too, since this neo-Nazi-infested criminal gang uses its cyber winnings to support more violent and widespread crimes.

Nate Nelson, Contributing Writer
May 29, 2026

Organizations that don't secure their cloud environments and software-as-a-service (SaaS) platforms are inadvertently funding violent crime and the exploitation of minors.

An analysis this week from Flashpoint of the disturbing cybercriminal group known as The Com confirms that as major Russian groups have splintered and withered away in recent years, the new class of predominantly North American cybercriminal groups that has emerged all trace back in one way or another to the same source.

Sometimes these threat groups go by different names: ShinyHunters, Lapsus$, or Scattered Spider. As previously reported, sometimes they combine into a single, inelegant unit — "Scattered Lapsus$ Hunters" — betraying that they in fact come from the same place.

Regardless, these overlaps also suggest an increasingly disturbing reality. The Com's own hacker wing, "Hacker Com," supports its other, more disgusting projects: generating and trafficking child pornography, murder, and a laundry list of other hobbies for sociopaths. And though investigators generally stop short of tracing Scattered Lapsus$ Hunters funds to those specific other crimes, Flashpoint researchers argue that the line between The Com's splinter groups (which are often made up of English-speaking teenagers) and its violent crimes is blurry and in some cases nonexistent.
And that, in turn, is radicalizing the young people involved and dragging them into a horrific world of pain and misery.

So sure, Scattered Lapsus$ Hunters has been responsible for some of the most significant, costly cyberattacks across the US economy lately. They've separated from the pack by effectively targeting the cloud and SaaS platforms organizations across the Western world rely on most, like Okta, Salesforce, and Microsoft 365. But beyond the consequences for victims, their crimes should be seen as a cost to society, Flashpoint argued.

What Is The Com Criminal Collective?

The Com is a diffuse ecosystem of neo-Nazis, pedophiles, neo-Nazi pedophiles, the odd high-ranking government employee, and their entrapped or trafficked victims. Though spread across the world, the majority of members live in North America. As mentioned, its members skew young, in part as a consequence of its recruiting strategy. The Com often recruits from gaming communities and social media, and it does a lot of grooming, soliciting, and sextorting of children, some of whom it converts from victims to members.

In the big picture, The Com can be thought of in three subsets. There's the "IRL Com," responsible for physical attacks like muggings and arson. "Extortion Com" is where new members are recruited, using indoctrination and sextortion to manipulate children into creating pornography, gore, or acting violently. Hacker Com is the arm responsible for breaching brand-name corporations, but also carrying out all kinds of other cybercrimes: SIM swaps, distributed denial-of-service (DDoS) attacks, and ransomware, among others.

How The Com Supports Violence & Sex Crimes

Crucially, IRL, Extortion, and Hacker are not siloed from one another.

"The overlap is significant, and the way governments have subdivided them has caused a lot of confusion and under-prosecution of crimes," explains Unit 221B CEO Allison Nixon, who's been pursuing The Com for 15 years. "I understand why governments do this, but the general public should understand that any given hacker in The Com has a much higher than average probability of possessing or forcing the creation of CSAM [child sexual abuse material], and sextorters in The Com have a much higher than average probability of engaging in fraud for their income."

The Com's hackers have also been known to cross over and take part in the other sorts of crimes their fellow members specialize in. According to the FBI's Internet Crime Complaint Center, members "often participate in criminal activity encompassed in more than one subset and maintain relationships with members in multiple subsets simultaneously, in case their skills are beneficial. The members within these subgroups typically have a shared interest, ideology, or goal and work together."

Without getting into the gory details, Nixon gives an example of how "Some of the earliest innovators of 764" — an associated network of neo-Nazi sextortionists — "have gone on to extort companies after they got out of jail. This is why they need to stay in. The proceeds of their crimes are reinvested back into the criminal enterprise, which is how they can pay for infrastructure and pay to send people to physically attack rivals."

What's Happening in The Com Today?

The Com's major hacking activity has lulled in recent weeks, according to BlackFog founder and CEO Darren Williams. Scattered Spider, for example, has been mum ever since its historically costly attack on Jaguar Land Rover. But it would be a mistake to believe they're dormant.

"These individuals work for multiple [groups] at the same time.
So they will chop and change based on which ones are most successful at the time. So this is not very unusual," Williams says. Hackers belonging to these groups may well be preparing for their next major campaign, or actively exploiting targets under different banners.

Across the whole of The Com, Nixon is seeing just as much criminal activity as ever, with new tactics and techniques arising "always."

"The most compelling trend that I think will have major consequences is the ability for these guys to systematically locate and deploy physical assets to locations," she says. "To decide they want to send a kid to assault someone's home, or break in, or connect to a specific Wi-Fi network, and locate a kid in their criminal social networks that is both willing and able to do this."

About the Author

Nate Nelson, Contributing Writer

Nate Nelson is a journalist and award-winning scriptwriter. In addition to Dark Reading he writes for Darknet Diaries, the most popular show in cybersecurity across all media. He began his career as a freelancer, ghostwriting Forbes and CNBC op-eds for executives in tech and finance. Then he transitioned to journalism at Threatpost, where he covered cybersecurity news and trends. Throughout those years he co-created a cybersecurity podcast, Malicious Life, which in its day climbed into the Top 20 technology podcasts charts on Apple Podcasts and Spotify. He holds degrees from New York University and Bard College. As a born and bred New Yorker, he enjoys a superiority complex, but is polite enough to keep it to himself.