INSPECTING ARCHIVED INTELLIGENCE (OUTDATED VERSION).
Com Exploitation via Spear Phishing Attacks
2026-05-29 12:00 CRITICAL LOW
Executive Summary AI-generated
The cybercriminal group known as The Com, a predominantly North American entity linked to Russian groups that splintered years ago, has emerged with a new class of cybercriminals tracing back to the same source. This scattered network of hackers and their victims is supported by organizations across Western platforms, including Okta, Salesforce, and Microsoft365. Investigators argue that governments have subdivided them, causing confusion and under-prosecution of crimes. The Com's influence extends globally, with members participating in various subsets of cybercrime encompassing multiple skill sets.
Technical Mitigations AI-generated
• Implement robust cloud security measures, such as multi-factor authentication and encryption, to protect SaaS platforms from The Com's cyberattacks.
• Conduct regular software updates and patches for critical systems to prevent exploitation by The Com hackers.
• Use secure communication channels, like end-to-end encrypted messaging apps, when interacting with potential victims or partners within the group.
Intelligence Metadata
Actors / Malware / CVEs / Campaigns
Scattered Spider
Rover
Target & Sectors
NORTH_AMERICA
CENTRAL_ASIA
government
media
Incident Timeline
2026/05/29
Threat actors used phishing to target The Com.
2026/05/29
The Com, a diffuse ecosystem of neo-Nazis and their victims.
organisation
TA4922 Expands Cybercrime Attacks Globally
Related: China's TA4922 Expands Cybercrime Attacks Globally
organisation
AI-Assisted Exploit Development Outpaces
Related: AI-Assisted Exploit Development Outpaces Scanner Detection
So sure, Scattered Lapsus$ Hunters has been responsible for some of the most significant, costly cyberattacks across the US economy lately.
organisation
State
Related: State Cyber Leaders Push Congress for More Funding, Support
How The Com Supports Violence & Sex Crimes
Crucially, IRL, Extortion, and Hacker are not siloed from one another.
organisation
SIM
Hacker Com is the arm responsible for breaching brand-name corporations, but also carrying out all kinds of other cybercrimes: SIM swaps, distributed denial-of-service (DDoS) attacks, and ransomware, among others.
organisation
ShinyHunters
Sometimes these threat groups go by different names: ShinyHunters, Lapsus$, or Scattered Spider.
threat_actor
Scattered Spider
Scattered Spider, for example, has been mum ever since its historically costly attack on Jaguar Land Rover.
organisation
Jaguar Land
Scattered Spider, for example, has been mum ever since its historically costly attack on Jaguar Land Rover.
organisation
Scattered Lapsus$ Hunters
And though investigators generally stop short of tracing Scattered Lapsus$ Hunters funds to those specific other crimes, Flashpoint researchers argue that the line between The Com's splinter groups (which are often made up of English-speaking teenagers) and its violent crimes is blurry and in some cases nonexistent.
organisation
Flashpoint
And though investigators generally stop short of tracing Scattered Lapsus$ Hunters funds to those specific other crimes, Flashpoint researchers argue that the line between The Com's splinter groups (which are often made up of English-speaking teenagers) and its violent crimes is blurry and in some cases nonexistent.
organisation
Okta, Salesforce
platforms organizations across the Western world rely on most, like Okta, Salesforce, and Microsoft365.
organisation
CSAM
"I understand why governments do this, but the general public should understand that any given hacker in The Com has a much higher than average probability of possessing or forcing the creation of CSAM"
organisation
Another Palo Alto Auth Bypass Bug Under
Related: Patch Now: Another Palo Alto Auth Bypass Bug Under Active Exploit
Without getting into the gory details, Nixon gives an example of how "Some of the earliest innovators of 764" — an associated network of neo-Nazi sextortionists — "have gone on to extort companies after they got out of jail."
organisation
BlackFog
The Com's major hacking activity has lulled in recent weeks, according to BlackFog founder and CEO Darren Williams.
infrastructure
Linux
Related: Chinese APTs Share Linux Backdoor in Central Asia Telco Attacks
Tactical Metrics
Metrics
infrastructure
Linux
Affected Product
Intelligence Sources
Dark Reading
2026-05-29
Incident Version History
CURRENT VERSION
Last Updated: 2026-06-29T06:13
Comprehensive Tactical Telemetry
Highly Correlated Entities
12x | organisation | Identified Entity | TA4922 Expands Cybercrime Attacks Globally | entity
3x | target region | Target Country | China | country
3x | tactic | Cyber Operation Type | Extortion | tactic
2x | source region | Origin Country | Russian Federation | country
2x | industry | Targeted Sector | Government | sector
2x | target region | Target Region | NORTH_AMERICA | region
2x | timeline | Temporal Reference | 2026/05/29 | date
2x | attribution | Attributing Entity | FBI | authority
Contextual Telemetry
Context Block
3 METRICS
threat actor | APT Group | Scattered Spider | actor
malware | Malware Payload | Rover | tool
infrastructure | Affected Product | Linux | software