FBI: Thousands of people involved in 'The Com' targeting victims with ransomware, swatting

The FBI released a warning on Wednesday about a loosely-organized cybercriminal organization known as The Com that is launching cyberattacks to steal money and gain access to sensitive information. 

The agency released three bulletins about the group — which is composed primarily of English-speaking minors but has expanded to include thousands of people who engage in a variety of cybercriminal activity. The activities include ransomware attacks, swatting, extortion of minors, the distribution of child sexual abuse material, distributed denial-of-service (DDoS) attacks, SIM Swapping, cryptocurrency theft and more. 

“The motivations behind the criminal activity vary, but often fall within one of the following: financial gain, retaliation, ideology, sexual gratification, and notoriety,” the FBI said. 

While cybersecurity experts and law enforcement have long warned of the group and its offshoots, the FBI said its sophistication “has grown over the last four years, with subjects employing increasingly complex methods to mask their identities, hide financial transactions, and launder money.” 

The bulletin notes that the group is familiar with the U.K. and U.S. criminal justice systems and specifically recruits minors in the hopes of avoiding longer sentences or stiffer penalties for their crimes. 

The group tried to bring in members through gaming sites and specifically targets people between the ages of 11 and 25 years old. 

Subgroup swatting

The Com is made up of multiple subgroups, many of which use swatting as an entry point into the larger ecosystem. Swatting is when people call the police on an unsuspecting person with the intent of causing chaos or potential injury from law enforcement action. 

Each subgroup has some cybercriminal focus to it but people often share their expertise across groups. An affiliated subgroup — Scattered Spider — has garnered headlines over the last two years for dozens of high profile cyberattacks on prominent companies like MGM Resorts and most recently caused concern this year with consecutive campaigns targeting the retail, insurance and airline industries. 

The FBI on Wednesday released additional bulletins on two subgroups: Hacker Com and In Real Life (IRL) Com. 

Several members of Hacker Com have been linked to ransomware-as-a-service (RaaS) groups and typically sell their services to other cybercriminal operations for profit. The FBI has tracked members who sell government email accounts, develop malware and use an array of sophisticated tools to launch attacks. 

“Open-source information indicates Hacker Com groups are responsible for high-profile attacks and intrusions and have affiliations with ransomware organizations,” the FBI said.

“Cryptocurrency theft is the primary motivator for many Com actors, which often leads to internal conflicts and Com members themselves becoming the targets of SIM swaps and other cyber-related crime. Perceived slights, membership in a rival group, or boasts about cryptocurrency balances can provoke Com actors to attack each other.”

Members brag about their attacks and profit — at times stealing cryptocurrency from each other. 

The FBI said it has seen evidence of members using kidnapping, torture, threats of violence toward family members and the use of firearms in attacks on each other or on rivals. 

These real-world attacks bleed into other subgroups including IRL Com and Extortion Com. IRL Com has participated in shootings, kidnappings, armed robbery, stabbings, physical assault and bricking — typically offering violence-as-a-service. 

Extortion Com “primarily involves the exploitation of children,” the FBI said, adding that members extort minors, typically females, through threats of doxing, swatting and violence if member demands are not met. 

In February, law enforcement in the U.K. arrested one member of The Com for blackmailing young girls. Britain’s National Crime Agency released another warning in March that a new generation of teenage boys are joining networks associated with The Com and sharing “sadistic and misogynistic material.”

At an FBI cybersecurity conference in New York last week, several officials at the Justice Department spoke at length about 764, another offshoot of The Com that focuses on the grooming, manipulation and extortion of minors for the production of child sexual abuse material.

“We see it as sort of an accelerationist kind of group, the idea that they want to sow chaos and bring about violence, to bring about the downfall of society,” said Robert Kissane, Special Agent in Charge for the FBI’s NY Joint Terrorism Task Force.

“I'm not so concerned about them bringing about the downfall of society, but I am concerned about them targeting and corrupting a bunch of young people to do some really bad things to themselves.”