Mallory
2 malware families

The Com

Also known as: the_com, the_community

The Com, short for “The Community,” is a loosely knit, primarily English-speaking cybercriminal ecosystem composed of interconnected networks of hackers, SIM swappers, extortionists, and violent criminal subsets. Reporting describes it as international but predominantly North American, with many members being minors or young adults, often roughly 11 to 25 years old. Known aliases include the_com and the_community. The Com is repeatedly described as the broader community from which groups such as Scattered Spider emerged, and reporting also links or associates activity by Lapsus$, ShinyHunters, BlackFile, and Pink to this ecosystem to varying degrees.

Europol and the FBI describe The Com as splintered into three primary subsets: Hacker Com, In Real Life (IRL) Com, and Extortion Com. Hacker Com is associated with corporate intrusions and cybercrime including social engineering, phishing, vishing, credential theft, MFA bypass, SIM swapping, DDoS, ransomware, data theft, and extortion. Multiple reports state that actors tied to The Com commonly impersonate IT or help-desk staff, use Okta-themed phishing pages, target SSO environments, and abuse cloud and SaaS platforms including Okta, Salesforce, Microsoft 365, SharePoint, and OneDrive. The ecosystem is also described as using Telegram, Discord, hacker forums, social media, gaming communities, and messaging apps for coordination, recruitment, and bragging.

IRL Com is described by the FBI as having evolved from the SIM-swapping community into a violence-as-a-service market. Reported IRL Com activities include shootings, kidnappings, armed robbery, stabbings, physical assault, bricking, swatting-for-hire, doxing, and intimidation. The FBI and other reporting state that The Com has at times resorted to violent tactics including throwing bricks through windows, arson, kidnapping, and shootings.

Extortion Com is described in reporting as using sextortion, manipulation, and coercion, including recruitment and indoctrination of members through exploitation. Multiple sources cited in the content state that parts of The Com are linked to grooming, sextortion of minors, and production or trafficking of child sexual abuse material. Europol further characterizes The Com as a decentralized extremist network that recruits, radicalizes, and exploits young people, including via social media, messaging apps, gaming platforms, and music streaming platforms.

The ecosystem is decentralized and overlapping rather than siloed: the FBI states members often participate across more than one subset simultaneously and maintain relationships across subsets when useful. Reporting also states that some members work under multiple banners at the same time, and that overlap among Scattered Spider, Lapsus$, ShinyHunters, and related “Scattered Lapsus$ Hunters” branding has caused attribution confusion.

Law-enforcement and industry reporting indicate sustained attention on The Com. Europol’s Project Compass, launched in January 2025, described The Com as an extremist network and reported 30 arrests and 179 fully or partially identified members. The FBI has issued public warnings on both The Com broadly and IRL Com specifically.


MITRE ATT&CK

Tradecraft

14 distinct techniques observed across reporting, grouped by tactic.

11 of 15 tactics, 21 techniques. ×N = number of intelligence reports citing this technique.
TA0043 Reconnaissance (1 technique)
T1598 Phishing for Information
T1598.004 Spearphishing Voice (×3)

TA0042 Resource Development (1 technique)
T1583 Acquire Infrastructure
T1583.006 Web Services

TA0001 Initial Access (3 techniques)
T1078 Valid Accounts (×3)
T1133 External Remote Services
T1566 Phishing (×2)
T1566.002 Spearphishing Link
T1566.004 Spearphishing Voice (×4)

TA0003 Persistence (2 techniques)
T1078 Valid Accounts (×3)
T1133 External Remote Services

TA0004 Privilege Escalation (1 technique)
T1078 Valid Accounts (×3)

TA0005 Stealth (1 technique)
T1078 Valid Accounts (×3)

TA0006 Credential Access (1 technique)
T1649 Steal or Forge Authentication Certificates (×2)

TA0009 Collection (1 technique)
T1213 Data from Information Repositories

TA0011 Command and Control (1 technique)
T1090 Proxy
T1090.002 External Proxy

TA0010 Exfiltration (1 technique)
T1567 Exfiltration Over Web Service
T1567.002 Exfiltration to Cloud Storage

TA0040 Impact (2 techniques)
T1498 Network Denial of Service
T1657 Financial Theft